gnome-keyring has an inadequate man page and employs insecure defaults for GPG passphrase caching

Bug #1325833 reported by Andreas Siegert
Affects                 Status        Importance  Assigned to  Milestone
GNOME Keyring           Fix Released  Medium
gnome-keyring (Ubuntu)  Fix Released  Wishlist    Unassigned

Bug Description

The GCR package has no man page or other documentation that would explain how the GPG passphrase caching is configured.
For a package that deals with a critical piece of security infrastructure, that is not acceptable.

It defaults to caching GPG passphrases for the whole session which again is not good security practice.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: gcr 3.10.1-1
ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11
Uname: Linux 3.13.0-27-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Jun 3 09:17:51 2014
InstallationDate: Installed on 2014-04-24 (39 days ago)
InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
SourcePackage: gcr
UpgradeStatus: No upgrade log present (probably fresh install)

Andreas Siegert (afx) wrote :
information type: Private Security → Public Security
Changed in gcr (Ubuntu):
status: New → Confirmed
importance: Undecided → Wishlist
Andreas Siegert (afx) wrote :

So why does this get importance undecided?
This silly thing has a direct security impact.

Andreas Siegert (afx) wrote :

And then the next update also overwrites my user settings. Of course this is all undocumented and I have to start hunting again for how to fix the idiotic "cache permanently" setting.

Marc Deslauriers (mdeslaur) wrote :

Are you sure you're not referring to gnome-keyring?

Andreas Siegert (afx) wrote :

When I see a gcr password prompter asking for my password, then for me it looks like gcr is the thing responsible.

See also https://bugs.launchpad.net/ubuntu/+source/enigmail/+bug/1325832
This is how I stumbled into the issue.

Marc Deslauriers (mdeslaur) wrote :

gcr isn't responsible.

The GPG agent is actually gnome-keyring-daemon from the gnome-keyring package. You can change the defaults in dconf just like the other graphical GNOME applications.

From the description of /desktop/gnome/crypto/cache/gpg-cache-method:

The method to use for caching passphrases typed into the GPG agent.
Should be one of: 'always' caches permanently, 'session' caches until session end,
'idle' caches until the not used for gpg-cache-ttl seconds, 'timeout' caches until
gpg-cache-ttl seconds.

Andreas Siegert (afx) wrote :

gpg-agent is not involved at all. It is not running.

I never asked for this. I stumble across the gcr password prompter and a messed up passphrase handling in Thunderbird/enigmail that use gcr under the hood (see referenced bug) without the user ever being asked about this.

When I try to find out what the hell is going on, I find the gcr password prompter running which is not documented.
How should I know about this dconf stuff if there is no documentation in the gcr packages that points me to it?

Marc Deslauriers (mdeslaur) wrote :

enigmail doesn't use gcr under the hood, it uses whatever GPG agent is listening on the socket pointed to by the GPG_AGENT_INFO environment variable. By default, in Ubuntu, it's gnome-keyring-daemon, and not gpg-agent.

If you want documentation besides what is in the dconf schema description, please file a bug here, and attach it to this one:

https://bugzilla.gnome.org/enter_bug.cgi?product=gnome-keyring

Thanks.
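
The two technical points in Marc's comments above (which process is actually serving the socket named in GPG_AGENT_INFO, and that the passphrase cache policy lives in the dconf keys gpg-cache-method and gpg-cache-ttl under /desktop/gnome/crypto/cache/) can both be checked from a shell. The script below is an added example written for this page, not code from the bug report, gnome-keyring or Ubuntu. It assumes that GPG_AGENT_INFO has the form socket:pid:protocol, that the dconf path above corresponds to the GSettings schema id org.gnome.crypto.cache, and it uses a 600-second maximum TTL as a constructed policy threshold; the gsettings calls run only when that tool is present.

```shell
#!/bin/sh
# Added example, not from the bug report or the gnome-keyring project.
# Check 1: which process serves the GPG_AGENT_INFO socket
#          (gnome-keyring-daemon vs gpg-agent).
# Check 2: whether the gnome-keyring GPG passphrase cache policy
#          (dconf /desktop/gnome/crypto/cache/) is acceptable.
# Assumption: that dconf path maps to the GSettings schema
# org.gnome.crypto.cache (not confirmed by the bug report).

# agent_socket_pid VALUE
# GPG_AGENT_INFO is assumed to look like "/path/to/socket:PID:PROTOCOL".
# Prints the PID field; returns 1 (prints nothing) if the value is malformed.
agent_socket_pid() {
    info="$1"
    case "$info" in
        */*:*:*) ;;
        *) return 1 ;;
    esac
    pid="${info#*:}"      # drop the socket path
    pid="${pid%%:*}"      # drop the protocol version
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# agent_name PID
# Process name from /proc, e.g. "gnome-keyring-d" or "gpg-agent".
agent_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        echo "unknown"
    fi
}

# cache_policy_verdict METHOD TTL [MAX_TTL]
# Classifies the caching policy described in the dconf schema text:
# 'always' and 'session' are open-ended and therefore weak; 'idle' and
# 'timeout' are acceptable only with a bounded TTL (default max 600 s,
# a constructed threshold). Returns 0 if acceptable, 1 if weak.
cache_policy_verdict() {
    method="$1"; ttl="$2"; max_ttl="${3:-600}"
    case "$method" in
        always)  echo "WEAK: passphrase cached permanently"; return 1 ;;
        session) echo "WEAK: passphrase cached until session end"; return 1 ;;
        idle|timeout)
            case "$ttl" in
                ''|*[!0-9]*) echo "WEAK: invalid ttl '$ttl'"; return 1 ;;
            esac
            if [ "$ttl" -gt "$max_ttl" ]; then
                echo "WEAK: $method ttl ${ttl}s exceeds ${max_ttl}s"; return 1
            fi
            echo "OK: $method with ${ttl}s ttl"; return 0 ;;
        *) echo "WEAK: unknown method '$method'"; return 1 ;;
    esac
}

# Live checks when run inside a desktop session; both are guarded so the
# functions above remain usable on a machine without gnome-keyring.
if [ -n "${GPG_AGENT_INFO:-}" ]; then
    pid=$(agent_socket_pid "$GPG_AGENT_INFO") && \
        echo "GPG_AGENT_INFO pid $pid is served by: $(agent_name "$pid")"
fi
if command -v gsettings >/dev/null 2>&1; then
    m=$(gsettings get org.gnome.crypto.cache gpg-cache-method | tr -d "'")
    t=$(gsettings get org.gnome.crypto.cache gpg-cache-ttl | sed 's/^uint32 //')
    cache_policy_verdict "$m" "$t" || \
        echo "remedy: gsettings set org.gnome.crypto.cache gpg-cache-method 'timeout'; gsettings set org.gnome.crypto.cache gpg-cache-ttl 300"
fi
```

Run it as `sh check-gpg-cache.sh` inside the graphical session (the environment variable is per session). The 'timeout' method with a short TTL bounds how long a cached passphrase stays usable if the session is left unlocked, which is the exposure the reporter objects to with the 'session' default.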

affects: gcr (Ubuntu) → gnome-keyring (Ubuntu)
summary: - GCR has no man page and employs insecure defauts for GPG passphrase
- caching
+ gnome-keyring has an inadequate man page and employs insecure defaults
+ for GPG passphrase caching
Andreas Siegert (afx) wrote :

I have configured Enigmail to not use gpg-agent. It is not running at all...
But this is an issue for the other bug...

Gnome bug: https://bugzilla.gnome.org/show_bug.cgi?id=733032

Changed in gnome-keyring:
importance: Unknown → Medium
status: Unknown → New
Changed in gnome-keyring:
status: New → Confirmed
Changed in gnome-keyring:
status: Confirmed → Fix Released
Jeremy Bícha (jbicha) wrote :

I'm marking this bug as fixed, in accordance with the upstream bug report:

"gnome-keyring no longer implements a gpg-agent. The gnupg agent and pinentry have been better integrated with GNOME.

https://mail.gnome.org/archives/distributor-list/2015-August/msg00000.html"

https://bugzilla.gnome.org/733032

Further, gnome-keyring-daemon now has a better man page. See https://launchpad.net/bugs/1421955

Changed in gnome-keyring (Ubuntu):
status: Confirmed → Fix Released
This report contains Public Security information  