I'm creating a remastered Ubuntu-based distro meant to be run live, with the primary purpose of running online. The idea is to protect the Linux, Windows and Mac OSes installed on the hard drive from getting a virus (Windows and Mac do not provide such a secure solution; this is where grandpa Unix can provide some security). The users need a password manager for their online accounts. I've chosen KeePassX as the password manager and Firefox as the primary browser. I've decided against Firefox's password manager because once opened, other processes can have unhindered access to all the passwords. KeePassX, although not as bad, seems to have a similar vulnerability in that processes with the same privileges would allow a clever hacker to make requests and gain other passwords locked in the safe.
I'm considering storing KeePassX in a root-protected directory and changing its permissions so that it can only be launched by the root group.
My theory is that the database will be protected against non-root processes. Secondly, it can't be executed without a password. I'm not an expert, but this seems ideal for a first level of protection.
I'm getting flak from the Linux community that I shouldn't run things that are not designed to run as root. I could understand some concerns. If, for instance, KeePassX executed scripts that non-privileged users had read and write privileges to, it could be tricked into doing nasty things. I'm under the impression that if its code does behave (keeping its files in one directory that is root-protected), everything will be fine.
Is the KeePassX design fit to run as root on a Live Linux Distro, where a user will be online accessing accounts that KeePassX will provide passwords for via a copy and paste mechanism?
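As an added example (not part of the question and not KeePassX's own tooling), a small POSIX shell audit that checks whether a KeePassX directory and database actually carry the permissions the setup above intends: no access bits for "other" and ownership by the expected account. It assumes GNU stat (Linux); the paths and the expected owner are arguments you supply.

```shell
#!/bin/sh
# Audit the permission model proposed above: the directory holding KeePassX
# and the .kdbx database should deny all access to "other", and both should
# be owned by the account expected to run KeePassX (root in the proposal).
# Assumes GNU stat (Linux). Paths are hypothetical arguments, not real ones.

# perm_bits PATH -> prints the octal mode of PATH, e.g. 750 or 640
perm_bits() {
    stat -c '%a' "$1"
}

# owner_of PATH -> prints the user name owning PATH
owner_of() {
    stat -c '%U' "$1"
}

# check_path PATH -> 0 if the "other" digit of the mode is 0, else 1.
check_path() {
    path=$1
    mode=$(perm_bits "$path") || return 1
    other=${mode#"${mode%?}"}      # last octal digit = "other" permissions
    if [ "$other" != 0 ]; then
        echo "FAIL $path mode $mode: world-accessible bits set"
        return 1
    fi
    echo "ok   $path mode $mode"
    return 0
}

# audit_keepass DIR DB [OWNER] -> 0 only if DIR and DB both deny access to
# "other" and are owned by OWNER (default: root).
audit_keepass() {
    dir=$1; db=$2; want_owner=${3:-root}
    status=0
    for p in "$dir" "$db"; do
        check_path "$p" || status=1
        owner=$(owner_of "$p")
        if [ "$owner" != "$want_owner" ]; then
            echo "FAIL $p owned by $owner, expected $want_owner"
            status=1
        fi
    done
    return $status
}
# usage: audit_keepass /opt/keepassx /opt/keepassx/vault.kdbx root
```

A non-zero exit means at least one path is readable by every local process, which is exactly the situation the root-protected directory is meant to rule out.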
