I use kwallet without fear of losing my password. All applications used kwallet was open source, and I was satisfied at all.

Few moths ago I was surprised Skype ask me for password to kwallet. I reject its request, and skype works well. But I have question :

Because M$ is not my favotite company ( but they buy skype ) I have question if skype can read all kwallet content or only skype-related stored ones. I have no idea kwallet works, if -for example - kmail can read networkmanager's or other passwords etc .... No article about this found via google or so ...

I have to complete my question: I'm not sure if Skyúe ask me for kwallet or gnome keyring password ( gnome keyring or so use - I think - LibreOffice for storing "remote storage" login credentials, but maybe i'm wrong.

So or so ... my question is : can programs read credentials stored by other one ?

Thanks for reply

Milan

And sorry for my "English" .. I believe you understand me.

Hi milanuhrak,

I'm quite disappointed to see no activity on this thread, despite it is a very important topic. kdewallet is the default password manager on plasma and it's integration makes storing passwords quite convenient. However, I think it does not have any separation between applications that use the wallet.

To sum up your use case: you run an untrusted application with user rights. Is this application able to access all your passwords? Yes.

The default wallet (referring to Kubuntu installations here) is 'kdewallet', which is unlocked on login. Every password you save is stored in there. So for testing, I spin up a Kubuntu VM. Because it's all about security here, I also set a password on the default 'kdewallet' wallet. Now, once this wallet is unlocked (i.e., after the first time you entered the password for the wallet), this wallet is 'open'.

For testing, I connect to a Samba share in my local network and save the password to kwallet.

How could some other application like Skype access my network share password? Skype could run this command:

Code: Select all

$ kwallet-query -l kdewallet
smb-home-nas:-1
$ kwallet-query -r "smb-home-nas:-1" kdewallet
{
    "login": "storage",
    "password:" "super_secure_password"
}


If the wallet is unlocked (which it usually is after you entered the password for the first time), there is no prompt for confirmation or anything. There is however a switch to enable such a prompt for confirmation in the kwallet configuration:

Code: Select all

$ kcmshell5 kwalletconfig5


Open the "Access Control" tab and check "Prompt when an application accesses a wallet". This does not tell you which entry the application accesses, but at least it tells you there is some access. But imagine that Skype does not tell the kwallet "Hey, it's me, Skype!" but instead simply uses "kwallet-query". The confirmation window will tell you that kwallet-query accesses your password. Seems legit, right?

I'm not sure about the current state of desktop linux, but maybe there is no way for kwallet to check the integrity of any application. How do you know Skype is Skype, or another application claiming to be Skype in order to access your Skype passwords? If this is a work-in-progress on desktop linux, I'd be happy to read about it.

Some people may point out that you failed security when you run an untrusted application. This is something we can solve with sandboxing, restricting access to the bare minimum. kwallet should provide the possibility to separate application data, granting access only to the application that stored the passwords in the first place.

There is this thread on the mailing lists https://marc.info/?l=kde-devel&m=146788782429932&w=2 from 2016, and it seems there has not been much change since then.


They sum it up pretty nice: kdewallet, once unlocked (i.e., most of the time) provides the same security as a 'passwords.txt' file on your desktop.

Thanks useruser for sharing the research. Years later and the situation remains... not only is KWallet confusing and annoying, and probably just as secure as "passwords.txt" in most usage scenarios - but we can't even sidestep it as many apps depend on the wallet for password storage.

Hoping the KDE wizards might prioritize this... love Plasma but this is a nightmare dealbreaker

The purpose of the wallet is to separate the passwords of user A from those of user B. In practice, user B must not be able to access the passwords of user A. I believe that your concerns are other ...