
Admittedly I was a bit shocked to see my passwords start pumping out: all I needed to do was click "Allow" and away it went. Why would keychain remain unlocked? Why doesn't that command need sudo? This seems like a pretty decent security flaw to me...


Why would it need sudo? If that were the case, then every web browser and every IM client and everything else on your computer with a password would need sudo.

You're telling your computer to save your passwords and give them back to you later. You shouldn't be surprised when it gives them back to you later.


So, generally each application needs to be authorized separately. I should have to type my password to allow this application to access my passwords. If I can just click "allow" with no password, then so can anyone else trivially with Terminal access.

If I go into Keychain access, and ask to see a password, it prompts for my master password before showing it to me. This should too.


From KeyChain's point of view, this command-line utility, /usr/bin/security, is no different from other GUI applications like Mail.app and Safari.app that rely on KeyChain to supply remembered passwords. If you expect KeyChain to prompt you for your master password when /usr/bin/security asks KeyChain for passwords, then you will be prompted every time Mail.app checks your email.

Actually you can configure KeyChain to do just that: just set the keychain to lock after 0 minutes of inactivity. But there is always the tradeoff between security and convenience. And when you give physical access and a logged-in session away to a malicious user, offering protection will require a lot of inconvenience.


Is this sarcasm? You clicked "Allow"; what would you expect of an application to which you granted access to your keychain, other than for that application to thereby gain access to your keychain?


You don't need a password to press 'allow'. It is still very much a security concern.


Why is someone who is not you logged in using your account with the ability to click that button in the first place?

Layering security on the user account after login tends to annoy the hell out of people. Ask any users you know what they think of Windows 7/Vista's UAC.


I agree with your first sentence. I sort of agree with the people saying this behaviour is by design and is not a serious security flaw.

> Layering security on the user account after login tends to annoy the hell out of people. Ask any users you know what they think of Windows 7/Vista's UAC.

But this isn't another OS. This is OS X, which is built on BSD, and BSD is a secure OS. Another question to ask would be "Ask any users you know what they think of sudo".

I like the article. It's not sensationalist. It's not dramatic. It's just saying "Hey, do this! Surprised? This is why you need to be careful with your account and your password."

That seems reasonable to me. Many people using OS X are not from a Unix background. They have never used a BSD before. They don't really have the security stuff ingrained.

Gentle reminders from time to time are a good thing.


To add to grecy's comment:

Your login Keychain is usually unlocked - it's encrypted with a key derived from your password that's held in memory from when you log in.

You can lock your login Keychain (or any other) from Keychain Access (/Applications/Utilities) or from the security menu bar item (if you have it added) and you'll be asked for the password rather than asked to "allow" it.
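As an added example (not code from this thread or from Apple), a small POSIX shell script that applies the mitigation the two comments above describe: set the login keychain to lock on sleep and after a 0-second idle timeout, then lock it now, so /usr/bin/security, like Mail.app or Safari.app, meets a locked keychain and a password prompt instead of a bare "Allow" button. The `login.keychain-db` path and the `-t 0` reading of "0 minutes of inactivity" are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: lock down the macOS login keychain so
# every client, /usr/bin/security included, has to supply the keychain password.
# Assumes the macOS `security` CLI; the default keychain path is an assumption.

# Accept only a non-negative whole number of seconds (0 mirrors the Keychain
# Access setting "lock after 0 minutes of inactivity").
validate_timeout() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *)           return 0 ;;
    esac
}

# Render the settings command for review (or a change log) before it is run.
#   -l  lock the keychain when the system sleeps
#   -u  lock the keychain after the idle timeout
#   -t  idle timeout in seconds
settings_cmd() {
    validate_timeout "$1" || return 1
    printf 'security set-keychain-settings -l -u -t %s %s\n' "$1" "$2"
}

# Apply the settings and lock the keychain immediately. Afterwards the next
# `security find-generic-password -w ...` or Mail.app fetch prompts for the
# keychain password rather than offering an Allow button.
harden_keychain() {
    timeout="${1:-0}"
    keychain="${2:-$HOME/Library/Keychains/login.keychain-db}"   # assumed path
    settings_cmd "$timeout" "$keychain" >/dev/null || {
        echo "harden_keychain: bad timeout '$timeout'" >&2
        return 1
    }
    if ! command -v security >/dev/null 2>&1; then
        echo "harden_keychain: no 'security' tool here, would run:" >&2
        settings_cmd "$timeout" "$keychain" >&2
        return 2
    fi
    security set-keychain-settings -l -u -t "$timeout" "$keychain"
    security lock-keychain "$keychain"
    security show-keychain-info "$keychain"   # prints the lock flags and timeout
}
```

Run `harden_keychain` with no arguments for the login keychain, or `harden_keychain 300 /path/to/other.keychain-db` for a five-minute timeout on another keychain.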


Ahh ok, subtle distinction. Thanks for clearing that up. :)


You need a password to be able to press allow.
