@varjolintu I understand there are some access controls, but they can be buggy. A bug in the browser extension IPC access control could reveal your entire database to your browser.
If you don't have the means to query the database from other processes, the entire attack vector goes away.
I.e., keepassxc-light or whatnot could only ever have critical CVEs if it messed up the database encryption.
@varjolintu Optimally I'd go a step further:
- make keepassxc open files using portals (it might already, I don't know)
- write an AppArmor profile that only allows r/w configuration files, and read access to /usr
Then you can select databases, key files, and work with them and rest assured that even if keepassxc core is compromised (whether that's a new malicious maintainer sneaking in, or a gcc backdoor 😄) it can't talk anywhere else.
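
An AppArmor profile along the lines the comment above describes, as an added example that is not part of the original comment and not a profile shipped by KeePassXC or any distribution. The binary path, the configuration and cache directories, the document-portal mount path and the portal D-Bus rules are assumptions, and the profile presumes files are opened through the xdg-desktop-portal file chooser:

```apparmor
# Added example; paths and D-Bus names below are assumptions, adjust per system.
# "#include" is the AppArmor include directive here, not a comment.
#include <tunables/global>

profile keepassxc-confined /usr/bin/keepassxc {
  # Minimum needed to start a GUI process: libc, fonts, display server sockets.
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/X>
  #include <abstractions/wayland>
  #include <abstractions/dbus-session-strict>

  # Read-only view of /usr; mapping shared objects needs "m" as well.
  /usr/** r,
  /usr/lib/** mr,
  /usr/bin/keepassxc mr,

  # Read/write only for the application's own configuration and cache.
  owner @{HOME}/.config/keepassxc/ rw,
  owner @{HOME}/.config/keepassxc/** rwk,
  owner @{HOME}/.cache/keepassxc/ rw,
  owner @{HOME}/.cache/keepassxc/** rwk,

  # Databases and key files picked in the portal dialog are exposed under the
  # document portal mount, so no rule for the rest of $HOME is needed.
  owner /run/user/[0-9]*/doc/** rwk,

  # D-Bus: talk to the file chooser portal and receive its response, nothing else.
  dbus (send)
       bus=session
       path=/org/freedesktop/portal/desktop
       interface=org.freedesktop.portal.FileChooser
       peer=(name=org.freedesktop.portal.Desktop),
  dbus (receive)
       bus=session
       path=/org/freedesktop/portal/desktop/request/**
       interface=org.freedesktop.portal.Request
       member=Response,

  # No IP networking at all; "deny" also keeps these out of the audit log.
  deny network inet,
  deny network inet6,
}
```

Load it with `aa-complain` first and review the logged denials before switching to `aa-enforce`, since Qt and desktop integrations vary between distributions.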