|
Top-level
 @varjolintu The clipboard thing is a bit annoying, as far as I understand it's privileged in Wayland to some extent, and the autotype doesn't work there. But having one password in there for 15s, that a malicious software would need to correlate with what you are doing to find out what it's for is very much a better choice than exposing APIs to query any password IMO. 5 comments
@varjolintu I understand there are some access controls, but they can be buggy. A bug in the browser extension IPC access control could reveal your entire database to your browser. If you don't have the means to query the database from other processes the entire attack vector goes away. i.e. keepassxc-light or whatnot could only ever have critical CVEs if it messed up the database encryption. @varjolintu Optimally I'd go a step further: - make keepassxc open files using portals (it might already, I don't know) Then you can select databases, key files, and work with them and rest assured that even if keepassxc core is compromised (whether that's a new malicious maintainer sneaking in, or a gcc backdoor 😄) it can't talk anywhere else. @juliank There are already a few PR's waiting for 2.8.0 that will reduce the possibility of such attacks. One is storing access related settings directly to a database instead of a config file. Another one allows restricting processes that can access the database. Revealing the entire database without user knowing it would be very difficult even now. Are you concerned about the possible attack vectors on Bitwarden? With multiple dependencies, and as an Electron application it has its downsides.  @juliank @varjolintu In theory access to the clipboard on Wayland is limited to the focused window, though in practice this isn't really secure (on most compositors), since compositors tend to give focus to windows when they are created. Something like wl-copy/wl-paste exploits this with a small temporary window. |
Gregory's Server
@juliank There's an API but it isn't exposed in a way that anyone could query something from it without user knowing about it. Plus it only works locally and is not exposed to outside world. Is these one of the features that are insecure in your opinion?