Comments (4)
Alternative idea: use an agent-style architecture:

- `kbs2 --agent` asks for the master password and runs in the background with the unwrapped key in memory
- Subsequent `kbs2` invocations check for a Unix domain socket based in part on the keyfile name, and use that to temporarily grab the unwrapped key

Pros:

- Lots of decent reference material (`ssh-agent`)
- Same threat model as the current approach (an attacker with the same or greater permissions as the current user can steal the wrapped key, but an offline attacker can't)
- Probably simpler than the current SHM mess
- Actually ends the "session" on user logout, which is more intuitive than the current behavior

Cons:

- Requires a background process
- Requires messing with Unix domain sockets in Rust
Ratcheting down the security of an agent-style approach: `kbs2 --agent` would be run from the same underlying executable as any subsequent `kbs2` calls, so the executable path could be some authenticity check for the client. That doesn't stop someone from replacing the `kbs2` executable with something malicious, though.
Braindump:

- Linux supports `SO_PEERCRED` for getting the PID of a Unix socket client
- macOS appears to support `getpeereid(3)` and `LOCAL_PEERCRED` for the same purpose
  - Edit: `getpeereid`/`LOCAL_PEERCRED` only do `uid` and `gid` for some reason. Annoying. Apparently `LOCAL_PEERPID` works, but is undocumented.
- Edit: Then, from the client PID:
  - Linux: `readlink` on `/proc/{PID}/exe` to get the original executable path
  - macOS: Use `proc_pidpath` or something else from `libproc` to get the executable path
More braindump:

- `kbs2 --agent` does a checksum of its own executable on startup
- After resolving the executable path of the client requesting the unwrapped key, do a checksum of that path's contents
- If the checksums match, allow the connection

Downside:

- Different versions of `kbs2` running on the same host won't be able to talk to the same agent.
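The Linux half of the two braindumps above (peer PID via `SO_PEERCRED`, `readlink` on `/proc/<pid>/exe`, then comparing that binary against the agent's own) as an added, dependency-free example; this is not kbs2 code, and `peer_pid`, `exe_path` and `client_matches_self` are names assumed here for illustration.

```rust
// Added example, not kbs2 code: Linux-only check that the process on the other
// end of a Unix socket runs the same executable bytes as the agent itself.
// getsockopt and the ucred layout are declared by hand to avoid the libc crate.
use std::ffi::c_void;
use std::io;
use std::os::unix::io::AsRawFd;
use std::os::unix::net::UnixStream;
use std::path::PathBuf;

// Linux values for x86_64/aarch64 (differ on a few exotic architectures).
const SOL_SOCKET: i32 = 1;
const SO_PEERCRED: i32 = 17;

#[repr(C)]
struct Ucred { pid: i32, uid: u32, gid: u32 }

extern "C" {
    fn getsockopt(fd: i32, level: i32, name: i32, val: *mut c_void, len: *mut u32) -> i32;
}

/// PID of the process that connected to (or created) this socket's peer end.
pub fn peer_pid(sock: &UnixStream) -> io::Result<u32> {
    let mut cred = Ucred { pid: 0, uid: 0, gid: 0 };
    let mut len = std::mem::size_of::<Ucred>() as u32;
    // SAFETY: cred and len are valid, writable and sized for SO_PEERCRED.
    let rc = unsafe {
        getsockopt(sock.as_raw_fd(), SOL_SOCKET, SO_PEERCRED,
                   &mut cred as *mut Ucred as *mut c_void, &mut len)
    };
    if rc != 0 { return Err(io::Error::last_os_error()); }
    Ok(cred.pid as u32)
}

/// Executable path of a PID via /proc. Readable only for same-uid processes,
/// and the link ends in " (deleted)" if the binary was replaced after start.
pub fn exe_path(pid: u32) -> io::Result<PathBuf> {
    std::fs::read_link(format!("/proc/{pid}/exe"))
}

/// True when the client's executable contents equal the agent's own. Full
/// byte comparison stands in for the "checksum" in the comment above.
pub fn client_matches_self(sock: &UnixStream) -> io::Result<bool> {
    let theirs = std::fs::read(exe_path(peer_pid(sock)?)?)?;
    let ours = std::fs::read("/proc/self/exe")?;
    Ok(theirs == ours)
}

fn main() -> io::Result<()> {
    // Constructed demo: a socketpair inside one process, so the peer is us.
    let (agent_side, _client_side) = UnixStream::pair()?;
    println!("peer {} matches self: {}", peer_pid(&agent_side)?, client_matches_self(&agent_side)?);
    Ok(())
}
```

A real agent would additionally check `uid` from the same `ucred`, since a same-binary client under another user must still be refused.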
#103.