|
Top-level
 @varjolintu I understand there are some access controls, but they can be buggy. A bug in the browser extension IPC access control could reveal your entire database to your browser. If you don't have the means to query the database from other processes the entire attack vector goes away. i.e. keepassxc-light or whatnot could only ever have critical CVEs if it messed up the database encryption. 2 comments
@juliank There are already a few PR's waiting for 2.8.0 that will reduce the possibility of such attacks. One is storing access related settings directly to a database instead of a config file. Another one allows restricting processes that can access the database. Revealing the entire database without user knowing it would be very difficult even now. Are you concerned about the possible attack vectors on Bitwarden? With multiple dependencies, and as an Electron application it has its downsides. |
Gregory's Server
@varjolintu Optimally I'd go a step further:
- make keepassxc open files using portals (it might already, I don't know)
- write an AppArmor profile that only allows r/w configuration files, and read access to /usr
Then you can select databases, key files, and work with them and rest assured that even if keepassxc core is compromised (whether that's a new malicious maintainer sneaking in, or a gcc backdoor 😄) it can't talk anywhere else.