Board: Bugtraq
graham.coles@the-logic-group.com wrote:

>> It works for:
>> the same user using ssh as is on the console;

> If someone can remotely log in as you over ssh then they already have your
> password (or worse, certificate!), so why would they try to obtain it from
> a browser?

They can obtain other stuff that I type in the browser, such as passwords etc that I might use for online banking and which I don't store in Keychain. Personally, I don't think that the Keychain bit is particularly important.

> They already have total access to all your files, there would appear to be
> nothing more to gain from this.

Perhaps you do (in which case I recommend you stop), but I don't store all my information in files, and of that which I do, not all those files are merely protected by my standard login and password. Some, such as how I authenticate to my bank, are stored in a gpg-encrypted file in case I ever forget. Others, such as my gpg passphrase, live only in my head. Trust me, merely logging in as me won't help anyone get at those data.

>> the root user using ssh (or someone who can sudo) can inject
>> Javascript into the console user's browser;

> Are you even considering what you are saying?

Yes. Are you?

> Someone has *ROOT* access to your system REMOTELY over ssh and you're
> worried that they might be able to retrieve a password from your keychain.

Yes, it would be annoying if someone rooted my laptop. It would be a lot more annoying if they not only rooted my laptop but also cleaned out my bank account via my browser. It *is* somewhat disturbing that root can so trivially interfere with the guts of someone else's processes. Normally, root has to do a lot of work to do that.

>> a different non-root user on the console can do it too

> Which again restricts this vulnerability (as previously mentioned) to an
> attacker who happens to be sitting in front of your machine(!)

Did you read the bit where I speculated about setuid applications?

-- 
David Cantrell