marcwebbie / passpie

:closed_lock_with_key: Multiplatform command-line password manager
http://passpie.readthedocs.org/
MIT License
921 stars, 68 forks

Prevent addition and removal of credentials without passphrase #78

Closed TaurusOlson closed 9 years ago

TaurusOlson commented 9 years ago

Hi,

I'm new to passpie and I don't know if this issue has already been addressed, but it seems to me that allowing any user to add or remove your credentials is a serious flaw. Indeed, anyone on my computer can actually do:

passpie add foo@example.com

or

passpie remove foo@example.com

He/she may not steal my credentials but can remove them or add wrong ones. Wouldn't it be more secure to ask the user to enter the passphrase before modifying something?

zQueal commented 9 years ago

This deals with permissions, not with passpie itself. Only a user with permissions to edit the ~/.passpie directory will be able to add or update entries. Remove all but your ability to edit this directory and this is no longer an issue.

TaurusOlson commented 9 years ago

If I understand correctly what you mean, all I have to do is to make sure I am the only one allowed to modify the directory. If that's correct that doesn't solve the problem because anyone can still modify this directory if he/she is connected with my user on my session. The permissions don't ensure the person connected with my user is me.

The only way to make sure the person modifying the directory is really the person who created it (i.e. me) would be to ask for the passphrase.

zQueal commented 9 years ago

> If I understand correctly what you mean, all I have to do is to make sure I am the only one allowed to modify the directory.

In theory, correct. It all depends on your environment, though. If another computer administrator wanted to, and they knew the passpie commands, they could easily access the database under your local folder. From there, however, they'd need your encryption password.

> If that's correct that doesn't solve the problem because anyone can still modify this directory if he/she is connected with my user on my session.

The software itself is developed with linux systems in mind, where something like this isn't an issue because of how the OS deals with permissions. From this I can guess that you probably use Windows.

> The permissions don't ensure the person connected with my user is me.

There is no way to ensure that a person doing anything is the person they're claiming to be. Even with passwords--which is why a program like this is needed. Credentials are inherently flawed this way and as a result two-factor authentication was created.

From what you're saying, you're probably looking for a more comprehensive solution, like LastPass, which saves your credentials in the cloud and not on your local PC. But, to fix this, you could initialize a new database on a removable media drive, like a flash drive or a network location that you control. By doing that, if you don't want someone to have access to your passwords, then simply remove the volumes in question.

Other than that, who knows if the dev is going to want to implement something like this--however, the ability to enable a feature like this should be seriously considered.

TaurusOlson commented 9 years ago

> The software itself is developed with linux systems in mind, where something like this isn't an issue because of how the OS deals with permissions. From this I can guess that you probably use Windows.

I'm on Mac, a unix OS, so it's not about OS environment or a user permission issue.

Let's suppose I'm on Ubuntu. If I want to add a package I will have to do:

sudo apt-get install <package>

and enter my password because installing a package (i.e adding something new) can have serious consequences on my computer.

That's exactly what I mean with passpie. When I do

passpie add foo@example.com

I also add something new but, in this case, I'm not asked to enter a password/passphrase.

Any action that affects your sensitive data (whether we are talking about the database of passpie or your unix system) should be protected by a password/passphrase. That's exactly the case with any unix system. Why not with passpie?

zQueal commented 9 years ago

> I'm on Mac, a unix OS, so it's not about OS environment or a user permission issue.

The principle is the same, I only guessed wrong with your OS.

> I also add something new but, in this case, I'm not asked to enter a password/passphrase.

The assumption is that you're authenticated because you're signed in as someone who has read/write access to the database. You have "signed in" to your user account. That should be enough protection, really.

> and enter my password because installing a package (i.e adding something new) can have serious consequences on my computer.

Any user who is logged in as you will be able to change your credentials.

With passpie, when a new user initializes a database it's saved to that user's home directory. The assumption is that in any environment, user-specific directories are user-permissive, but not non-user-permissive. Therefore, if I have accounts A and B, and user A creates a database under /Users/A, then by default B will not have read/write access to that database since they are not user A. And vice versa. Where you run into issues is when user B actually does have read/write permissions for user A's database. So simply change the permissions of A's database files and your problem disappears, assuming you're the only one who logs into your user account. If that's not the case, then this isn't the type of software you're looking for.

> Any action that affects your sensitive data (whether we are talking about the database of passpie or your unix system) should be protected by a password/passphrase.

This is still true. As far as the operating system is concerned, passpie is reading and writing plain text files and using GPG to encrypt or decrypt them. Nothing actually sensitive is being done. The most permissive thing that's done in the entire process is that passpie uses the GPG keyring, which still doesn't require a password because we're working with public keys.

This is the same functionality that any program like this takes. Even pass, which is by far the most used *nix based CLI password manager. If you're logged in as a user with a password store, and have read/write access to that password store, that should be authentication enough for you to add items to the database, in the same way you don't need to enter your user account password when you execute touch file.ext -- as long as you have write permissions to the folder in which you're creating the file....
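The advice in this reply (and the earlier one) is to make the store directory writable by your user only. As an added shell example that is not part of passpie or of this thread, the functions below check a store directory for files that other users can read, write or traverse, or that are not owned by you, and close the permissions down to owner-only. The store path is whatever you pass in (passpie's default is ~/.passpie); only POSIX find, chmod and id are used, so it behaves the same on Linux and macOS.

```shell
# Added example, not passpie's own code: audit and harden a password store
# so that only the owning user can read or write it. The path argument is
# assumed to be the store directory (for passpie, usually ~/.passpie).

# List every path under the store that group or others can read, write or
# traverse. Output is empty when the whole tree is owner-only.
find_loose_perms() {
    find "$1" \( -perm -g+r -o -perm -g+w -o -perm -g+x \
               -o -perm -o+r -o -perm -o+w -o -perm -o+x \) -print
}

# List every path under the store that is not owned by the invoking user.
find_foreign_owner() {
    find "$1" ! -user "$(id -un)" -print
}

# Succeed (exit 0) only when nothing is shared with other users and every
# file and directory belongs to the caller.
store_is_private() {
    [ -z "$(find_loose_perms "$1")" ] && [ -z "$(find_foreign_owner "$1")" ]
}

# Strip the group/other bits from the whole tree. Ownership is left alone on
# purpose: fixing that needs chown, which is an administrator's decision.
harden_store() {
    chmod -R go-rwx "$1"
}

# Report what is exposed, fix what chmod can fix, and re-check.
audit_store() {
    store=$1
    if store_is_private "$store"; then
        echo "ok: $store is private to $(id -un)"
        return 0
    fi
    echo "warning: readable or writable by other users:"
    find_loose_perms "$store"
    find_foreign_owner "$store" | sed 's/^/warning: not owned by you: /'
    harden_store "$store"
    store_is_private "$store" && echo "fixed: $store is now owner-only"
}

# Usage (assumed default location): audit_store ~/.passpie
```

The check is deliberately stricter than "no write access": a group- or world-readable store lets another user copy the encrypted files and attack the passphrase offline, so read bits are reported too. A non-zero exit after hardening means some file is owned by another user, which chmod cannot repair.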

marcwebbie commented 9 years ago

Hello @TaurusOlson. Thanks for opening this issue

@zQueal pretty much said what was on my mind. If someone is logged in as your user, she can do pretty much anything to your home directory. For example:

rm -rf ~/Music ~/Downloads ~/Pictures

As well as removing all your credentials with: rm -rf ~/.passpie

This is more about a system configuration, not a passpie issue in my opinion.

TaurusOlson commented 9 years ago

I was worried about the integrity of the passwords stored. Of course, anybody could remove anything on my computer if she had access to it and couldn't crack the passphrase. However the idea that she can modify and corrupt what is supposed to be secret annoys me. Losing information is one thing but having wrong information and ignoring it is, in my opinion, worse. I guess the history implemented in passpie solves this issue so I'll close it.

Thanks for your explanations and patience @zQueal and @marcwebbie. By the way, passpie is a great tool. ;-)

marcwebbie commented 9 years ago

Yes. Passpie history might help prevent occasional deletion of credentials.

Glad we helped. Thanks.