Write-only store for secrets #105

Closed
mgorny opened this Issue Aug 8, 2018 · 1 comment

mgorny commented Aug 8, 2018

Currently the secrets are stored in a user-readable file. This is not necessarily a good idea, given that if an attacker manages to gain limited access to the user's session or account, and read that file, he can duplicate the token used for 2FA without leaving much of a trace.

Having a write-only secret store would be nice to have. That is, storing the configuration in a way that prevents the user from reading the secret (and emergency codes), and only allows him to update or remove it altogether. It might be also reasonable to prevent updates to other options without setting a new secret, to prevent the attacker from weakening the system silently.

If this were the case and the attacker only managed to obtain partial/temporary access to the user's session, the best he could do is disable 2FA altogether or set a new secret. In both cases, the user will notice it on next login (attempt).

A possible implementation would be to make google-authenticator setuid, and keep the files with restricted access somewhere.

ThomasHabets (Collaborator) commented Aug 8, 2018

You can make a wrapper program and use secret= and user=some-dedicated-user to achieve this.
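
One way to build the wrapper approach suggested above, as an added example that is not code from the google-authenticator project: the script runs as a dedicated account through sudo, so the login user can create or replace the secret but has no way to read the stored file. The account name `gauth`, the store path `/var/lib/gauth`, the script name `gauth-enroll`, and the sudoers and PAM lines in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical enrolment wrapper (added example, not part of google-authenticator).
# Assumed setup, all names constructed for illustration:
#   dedicated account "gauth" owns /var/lib/gauth (mode 0700)
#   sudoers: ALL ALL=(gauth) /usr/local/sbin/gauth-enroll
#   PAM:     auth required pam_google_authenticator.so user=gauth secret=/var/lib/gauth/${USER}
STORE="${GAUTH_STORE:-/var/lib/gauth}"

# Print the secret path for a login name, or fail if the name could
# escape the store directory (slashes, dots, leading dash, empty string).
secret_path_for() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    printf '%s/%s\n' "$STORE" "$1"
}

# Create or replace the caller's secret. There is deliberately no "show"
# action, so the stored file is never echoed back to the login user.
enroll() {
    # sudo sets SUDO_USER to the invoking login name.
    path=$(secret_path_for "${SUDO_USER:-}") || {
        echo "gauth-enroll: run as: sudo -u gauth gauth-enroll" >&2
        return 1
    }
    umask 077
    google-authenticator --secret="$path"
}

# Only act when invoked under the wrapper's own name.
case "${0##*/}" in
    gauth-enroll) enroll ;;
esac
```

With this layout an attacker holding only the user's session can still replace or remove the secret, which is the outcome the issue accepts because the user notices it at the next login.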
