wmpasman Git

21 lines (16 with data), 1.0 kB

WARNINGS

Since wmpasman uses the X paste mechanism, you probably shouldn't use it
over a remote X session unless the session is protected with SSLtelnet, SSH,
or some other secure transport.

Although wmpasman will use locked memory where possible, the passwords are
necessarily copied to random memory locations when pasted and whenever a
password is actually displayed in the GUI.

Use the logout feature of the app if you leave your teminal, even for a
moment. Otherwise, anyone could open an Xterm and paste all your passwords.
Then again, it's always a good idea to log out completely (or use xlock, or
a similar program), so you shouldn't need to be told this.

It's possible that a rogue program could watch for wmpasman to own the
selection, and immediately issue a paste request to steal your password.
There's really no way to prevent this, except by not running untrusted
applications. Depending on the security of your org.freedesktop.secrets daemon,
they might also be able to watch for the collection or items to be unlocked.