real session security #17

@andykais

Leaving this as an open issue for jotting down thoughts. Currently sessions are reusable by storing a txt file in /tmp/bitwarden-session.txt. This is obviously not ideal, since it opens up users to an attack which looks for that open session file. I haven't figured out how to store a key somewhere on the system in such a way that I can access it from different terminals/processes and not force the user to provide a key.

Perhaps I can tie the session key to the keyring using the user's access as the permission. It's probably safe to assume that the user executing the command is safe to access that session key.

Another open is setting up a daemon. It would be easy to just assume the session key being stored in memory is "good enough" for now. This would also help with race conditions on closing the session/clearing the clipboard. A daemon is more annoying to wield though; it requires adding something to your startup scripts.
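An added example, not code from this project: one file-based way to make the session reusable across terminals while restricting it to the invoking user, as an alternative to a fixed path in /tmp. It assumes a Linux system that provides a per-user `XDG_RUNTIME_DIR`; the function names and the `bitwarden-session` file name are hypothetical, and it does not implement the keyring or daemon ideas.

```python
import os
import stat
import tempfile


def session_path(runtime_dir=None):
    # Assumption: XDG_RUNTIME_DIR is a per-user directory (mode 0700 under
    # systemd-logind), unlike /tmp, which every local user can list and read.
    base = runtime_dir or os.environ.get("XDG_RUNTIME_DIR")
    if not base:
        raise RuntimeError("no per-user runtime directory available")
    return os.path.join(base, "bitwarden-session")


def save_session(token, path):
    # mkstemp creates the file with O_EXCL and mode 0600, so the token is
    # never written to a world-readable or pre-existing file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(token)
        os.replace(tmp, path)  # atomic swap; readers never see a partial file
    except BaseException:
        os.unlink(tmp)
        raise


def load_session(path):
    # O_NOFOLLOW makes open() fail if a symlink has been planted at the path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        info = os.fstat(fd)  # check the opened file itself, not the path
        if not stat.S_ISREG(info.st_mode):
            raise PermissionError("session file is not a regular file")
        if info.st_uid != os.geteuid():
            raise PermissionError("session file is owned by another user")
        if info.st_mode & 0o077:
            raise PermissionError("session file is group/world accessible")
        return os.read(fd, 4096).decode()
    finally:
        os.close(fd)
```

Any other process running as the same user can still read the file, which matches the trust assumption stated above for the keyring idea.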
