I see what you mean –
> cat .config/kwalletrc
[Auto Allow]
kdewallet=kiod5,drkonqi,kwalletmanager5,okular,kwallet-query,kded5,akonadiconsole,kmail2,korganizer,kontact,akonadi_maildispatcher_agent,akonadi_imap_resource_0,accountwizard,akonadi_imap_resource_1,akonadi_imap_resource_2,akonadi_imap_resource_3,akonadi_imap_resource_4,akonadi_imap_resource_5,akonadi_imap_resource_6,mailtransports,akonadi_imap_resource_7,akonadi_imap_resource_8,imap,akonadi_imap_resource_9,Chromium
[Auto Deny]
kdewallet=
[Migration]
alreadyMigrated=true
[Wallet]
Close When Idle=false
Close on Screensaver=false
Default Wallet=kdewallet
Enabled=true
First Use=false
Idle Timeout=10
Launch Manager=true
Leave Manager Open=false
Leave Open=true
Prompt on Open=true
Use One Wallet=true
[org.freedesktop.secrets]
apiEnabled=true
>
But, if an attacker can access and modify the files in ‘~/.config/’ then everything in your user directory is very broken, compromised, and, in general, open to the world.
And, the default protection on a user’s configuration directory is exactly that which is specified in ‘/etc/skel/’ –
> l -d /etc/skel/.config
drwx------ 2 root root 4096 15. Mär 2022 /etc/skel/.config/
>
And, the default protections on a user’s KWallet configuration files are –
> l .config/*wall*
-rw------- 1 xxx users 52 20. Aug 2022 .config/kwalletd5.notifyrc
-rw------- 1 xxx users 1018 7. Jan 12:25 .config/kwalletmanager5rc
-rw------- 1 xxx users 764 29. Dez 10:09 .config/kwalletrc
>
Ditto, the KWallet session files which used to be placed in ‘~/.config/session/’.
So, a given user has been compromised – their user data (including e-Mail and WLAN access points) is accessible to the attacker –
- If you want to prevent the attacker from accessing additional passwords then you’ll need an additional Wallet with a different password to the user’s login password – which is what KWallet offers anyway …
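Added example, not part of the original post: a small Python check of the two things shown above, namely that the configuration directory and the `*wall*` files are owner-only, and which applications `kwalletrc` lists under `[Auto Allow]`. The function names and the sample files it writes are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

def audit_kwallet_config(config_dir):
    """Return (findings, auto_allow) for one user's ~/.config directory."""
    findings = []
    # ~/.config and the *wall* files in it should be owner-only (0700 / 0600).
    paths = [config_dir] + [os.path.join(config_dir, n)
                            for n in sorted(os.listdir(config_dir)) if "wall" in n]
    for path in paths:
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            findings.append(f"{path}: mode {mode:04o} is open to group/other")
        if st.st_uid != os.getuid():
            findings.append(f"{path}: owned by uid {st.st_uid}, not the current user")
    # The [Auto Allow] section maps each wallet to the applications listed for it.
    auto_allow = {}
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep "Chromium" and wallet names case-sensitive
    parser.read(os.path.join(config_dir, "kwalletrc"), encoding="utf-8")
    if parser.has_section("Auto Allow"):
        for wallet, apps in parser.items("Auto Allow"):
            auto_allow[wallet] = [a for a in apps.split(",") if a]
    return findings, auto_allow

def make_sample(config_dir):
    """Write constructed sample files: one private, one too permissive."""
    os.chmod(config_dir, 0o700)
    rc = os.path.join(config_dir, "kwalletrc")
    with open(rc, "w", encoding="utf-8") as fh:
        fh.write("[Auto Allow]\nkdewallet=kmail2,Chromium\n"
                 "[Auto Deny]\nkdewallet=\n[Wallet]\nPrompt on Open=true\n")
    os.chmod(rc, 0o600)
    loose = os.path.join(config_dir, "kwalletmanager5rc")
    with open(loose, "w", encoding="utf-8") as fh:
        fh.write("[MainWindow]\n")
    os.chmod(loose, 0o644)  # deliberately wrong, to show a finding

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        make_sample(demo)
        problems, allowed = audit_kwallet_config(demo)
        for line in problems:
            print("FINDING:", line)
        for wallet, apps in allowed.items():
            print(f"auto-allowed for {wallet}: {', '.join(apps)}")
```

To check a real account, call `audit_kwallet_config(os.path.expanduser("~/.config"))` as that user.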