moolticute
Describe (and maybe change) your security model
Missing feature
We (SUSE security team) had a look at this software (https://bugzilla.suse.com/show_bug.cgi?id=1202928). We noticed that the assumption seems to be that this is running on an uncompromised, single-user machine. In the configuration we checked, other users on the machine were able to interact with the device via the services without authentication.
This should be made transparent to users.
Better yet: Describe the security model you're basing your assumptions on and use that opportunity to change the current behavior. E.g. one assumption could be that this can be used securely on a multi-user computer. Then add the necessary protections to ensure that the software runs securely under the assumed security model.