Account details unremovable.

Bug #462994 reported by Innomen on 2009-10-29
40
This bug affects 8 people
Affects Status Importance Assigned to Milestone
Empathy
Invalid
Medium
empathy (Ubuntu)
Low
Unassigned
telepathy-mission-control-5 (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: empathy

Uninstalled via synaptic, "completely remove," sudo apt-get --purge remove empathy, sudo apt-get autoremove, sudo apt-get clean, Deleted the empathy folders in .config and .gconf/apps, deleted the .mission-control folder... reinstalled and it STILL remembered my account details lol

Also, no listing in seahorse.

Also, accounts removed via the application itself pop back in on restart of application.

Where are the account details, usernames and passwords, ACTUALLY stored?

Running Karmic.

visibility: private → public
Jamie Strandboge (jdstrand) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

security vulnerability: yes → no
Innomen (brandon-sergent) wrote :

I call my account logins and passwords being stored in an unknown place possibly plain text by the now default Ubuntu IM client a security vulnerability.

The locations of configuration files need to be disclosed. I want to delete EVERY TRACE of this application from my system. Most especially my logins in passwords which is the one chunk of information it most strenuously holds on to.

I've halted all automated bug reporting because I don't know if its going to grab those logins and post them for the world to see.

IM logins are not just im, they are facebook and gmail logins as well, and that leads to virtually everything else.

This most certainly IS a security issue.

Sebastien Bacher (seb128) wrote :

Thank you for your bug report. The issue is an upstream one and it would be nice if somebody having it could send the bug the to the people writting the software (https://wiki.ubuntu.com/Bugs/Upstream/GNOME)

Changed in empathy (Ubuntu):
assignee: nobody → Ubuntu Desktop Bugs (desktop-bugs)
importance: Undecided → Low
Celibriem (ide-alexander) wrote :

if u delete all the accounts and then delete the package all passwords are gone.

Innomen (brandon-sergent) wrote :

I removed everything I and 5 people in the ubuntu support room could find. What do you mean by "accounts"?

Read my original submission.

Celibriem (ide-alexander) wrote :

@innomen
you can start empathy and then go the account menu, then manualy remove every account that is in there bij clicking on the symbol next to the account name.
When i do that, removes the package and then reinstall the package the account information is not present anymore in the newly installed empathy

Brian Curtis (bcurtiswx) wrote :

Maybe this bug should turn towards saying that on package removal the empathy accounts should be deleted. I would expect that to happen as well.

Innomen (brandon-sergent) wrote :

@celibriem

Thats the very first thing I tried, they simply returned when the program was restarted, hence my search for the actual configuration files, so I could manually delete them, and the discovery of the bug.

@Brain curtis

I was told that deletion of personal configuration files is uncommon even when "complete removal" is checked. I was further told that this expectation was unreasonable. (?!?)

Brian Curtis (bcurtiswx) wrote :

well, I guess all I can say is that thankfully it's all on your home directory in hidden files. Just remove .empathy after complete uninstall and that may take care of it.... At least get this pushed upstream as per Sebastiens requests.

Innomen (brandon-sergent) wrote :

@Brian

Heh, you should try these things before you suggest them.

Trust Me. it's not that simple.

Brian Curtis (bcurtiswx) on 2009-11-15
Changed in empathy (Ubuntu):
status: New → Incomplete
Omer Akram (om26er) wrote :

This does not exist in lucid. I purged empathy then deleted .conf/empathy .gconf/empathy and .mission-control then reinstalled empathy and there was no account. it rather asked me if i wanted to import anything from pidgin/create any new account

Celibriem (ide-alexander) wrote :

I just tried it again, i did:
test 1:
start up empathy
removed all accounts inside the program
sudo apt-get remove empathy --purge
sudo apt-get remove telepathy-*

sudo apt-get install empathy
started empathy and there where no accounts left.
in the .conf/empathy .gconf/apps/empathy and .mission-control maps there was nothing that directed to a previous install.

test 2:
made an account in empathy
sudo apt-get remove empathy --purge
sudo apt-get install empathy
started empathy and the account was still inside.

I don't know if empathy can do anything about it? But if u remove an application is it not common that everything is removed of that application from your harddrive? If u want to keep things the application self should have a backup/store settings function. Normal users are not used to clean everything up BEFORE they remove the program.

Celibriem (ide-alexander) wrote :

I just noticed that the pasword is still in your keyring :|
so pay extra attention if u quick-login on an other pc, if u dont remove the password in the keyring (seahorse or so) then he has your pasword!

note: this happens only if u remove it like in test 2. If you are in test 1 it is removed out of your keyring.

Omer Akram (om26er) wrote :

the bug report is true. when empathy is purged it should also delete saved accounts and also the keyring should also be removed. (is it a security bug?).

Changed in empathy (Ubuntu):
status: Incomplete → Confirmed
Omer Akram (om26er) wrote :

Thank you for your bug report. This bug has been reported to the developers of the software. You can track it and make comments at: https://bugzilla.gnome.org/show_bug.cgi?id=607325

Omer Akram (om26er) wrote :

Upstream developer say that this is a mission-control bug

Binary package hint: empathy

Uninstalled via synaptic, "completely remove," sudo apt-get --purge remove empathy, sudo apt-get autoremove, sudo apt-get clean, Deleted the empathy folders in .config and .gconf/apps, deleted the .mission-control folder... reinstalled and it STILL remembered my account details lol

Also, no listing in seahorse.

Also, accounts removed via the application itself pop back in on restart of application.

Where are the account details, usernames and passwords, ACTUALLY stored?

Running Karmic.

GNOME said its mission control problem
Reporting from downstream Ubuntu
https://bugs.edge.launchpad.net/ubuntu/+source/telepathy-mission-control-5/+bug/462994

Brian Curtis (bcurtiswx) wrote :

re-upstreamed to telepathy

Changed in empathy (Ubuntu):
status: Confirmed → Invalid
Changed in telepathy-mission-control-5 (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Changed in empathy:
status: Unknown → Confirmed

Account details are in ~/.mission-control/accounts/accounts.cfg, except passwords and other secrets which are in gnome-keyring (if you have it), and avatar images which are in subdirectories of ~/.mission-control/accounts.

I suspect that the problem is that the original reporter deleted the underlying files (only), but MC was still running (so the accounts were in memory). Next time something relevant to those accounts happened, it wrote out its configuration to the files, and they reappeared.

The only supported way to remove accounts from MC is to remove them via its D-Bus API, for which several UIs exist (including Empathy). I do not consider deleting files directly to be a supported action.[1]

The Empathy accounts UI is the recommended user-friendly way to make that happen (in the version I'm running, each account in the list has a trash-can icon on the right side, which deletes it). The "remove" subcommand in /usr/bin/mc-tool is a less user-friendly way to do the same thing.

With my Debian hat on, removing user data on purge would be a release-critical (grave) bug. Purging a package removes it at the system level, but does not and should not remove individual users' data.

[1] Coincidentally, it works if you go offline in Empathy, then kill the mission-control-5 process (or log out and back in), *then* delete the files, but this is not guaranteed for future versions.

Brian Curtis (bcurtiswx) wrote :

Marking as invalid from upstream:
"Account details are in ~/.mission-control/accounts/accounts.cfg, except
passwords and other secrets which are in gnome-keyring (if you have it), and
avatar images which are in subdirectories of ~/.mission-control/accounts.

I suspect that the problem is that the original reporter deleted the underlying
files (only), but MC was still running (so the accounts were in memory). Next
time something relevant to those accounts happened, it wrote out its
configuration to the files, and they reappeared.

The only supported way to remove accounts from MC is to remove them via its
D-Bus API, for which several UIs exist (including Empathy). I do not consider
deleting files directly to be a supported action.[1]

The Empathy accounts UI is the recommended user-friendly way to make that
happen (in the version I'm running, each account in the list has a trash-can
icon on the right side, which deletes it). The "remove" subcommand in
/usr/bin/mc-tool is a less user-friendly way to do the same thing.

With my Debian hat on, removing user data on purge would be a release-critical
(grave) bug. Purging a package removes it at the system level, but does not and
should not remove individual users' data.

[1] Coincidentally, it works if you go offline in Empathy, then kill the
mission-control-5 process (or log out and back in), *then* delete the files,
but this is not guaranteed for future versions."

Changed in telepathy-mission-control-5 (Ubuntu):
status: Triaged → Invalid
Innomen (brandon-sergent) wrote :

"I suspect that the problem is that the original reporter deleted the underlying
files (only), but MC was still running (so the accounts were in memory). "

Heh, so because I didn't take an unusual step the uninstall process failed?

Ok, so you found a clue as to why the bug occurs, not that it is invalid.

Read my original post please and stop trying to confuse the issue.

Instead, try to duplicate it.

The end user shouldn't have to think about MC, uninstall should be sufficient and the end user should be assured when they uninstall something that holds passwords the passwords leave as well.

What's next? Revo uninstaller for Ubuntu?

Changed in telepathy-mission-control-5 (Ubuntu):
status: Invalid → In Progress
status: In Progress → Invalid
Innomen (brandon-sergent) wrote :

Also I find myself confused by the bug reporting process, I now have my doubts as to what you are saying in human English, so I'll just ask. Is this bug likely to be repaired or is ti being blamed on the end user's ignorance like so many other annoyances in Linux?

For the record I abandoned a two year foray into Ubuntu in large part over this security flaw. (see above for my argument on why this remains a security issue)

I am keeping tabs because once the errors are repaired I will give it another chance.

Changed in empathy:
status: Confirmed → Invalid
Brian Curtis (bcurtiswx) wrote :

Ok. I see your point. We will need more information for the developers here in Ubuntu to take a look at the bug and decide where they want to go from here. Please type "apport-collect 462994" which will use apport to add appropriate information to this bug report.

Changed in telepathy-mission-control-5 (Ubuntu):
status: Invalid → Incomplete
Innomen (brandon-sergent) wrote :

I appreciate you rethinking the matter, and I would love to help, but the the original machine is now an XP box. As I said, I left Ubuntu.

Off topic reasons: (Feel free to stop reading here, this has nothing to do with the bug. I'm just explaining why I'm no longer in a position to help.)

* Wine needs real development backing and leadership.
* No AHK port or anything sufficiently similar.
* No ext4 view in windows. (That is Ubuntu's problem not windows.)
* Adversarial attitude generally preventing co existence of operating systems.
* Rampant blame the user mentality.
* I'm banned for life from the forums for complaining about problems that apparently canonical apparently agreed with me on.
* The forums outlaw necroposting which renders almost all the data on the forum either a needless duplication of effort or hopelessly out of date.
* Tutorials are considered solutions by the community.
* Development priorities are badly arranged. (There still isn't to my knowledge an easy way to make a live USB install with persistence of settings.)
* The replaced pidgin as the default client on a whim.
* The software center is a travesty.

etc

Brian Curtis (bcurtiswx) wrote :

Well, in this case I will give this bug a week or two to find someone who wishes to confirm this and give the appropriate information from the apport collect mentioned in my previous comment.

Architecture: i386
DistroRelease: Ubuntu 9.10
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
NonfreeKernelModules: fglrx
Package: telepathy-mission-control-5 5.3.2-2~ppa9.10+1
PackageArchitecture: i386
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, no user)
 LANG=nl_BE.UTF-8
ProcVersionSignature: Ubuntu 2.6.31-19.56-generic-pae
Uname: Linux 2.6.31-19-generic-pae i686
UserGroups: adm admin audio cdrom dialout dip fax fuse lpadmin netdev plugdev sambashare tape video

Changed in telepathy-mission-control-5 (Ubuntu):
status: Incomplete → New
tags: added: apport-collected
Celibriem (ide-alexander) wrote :

I did thesame as the poster. the password + username are indeed inside the application, other preferences i did not change so i cant check if they are the changed version or not. If i need to change other preferences please say so.

for me the problem is not telepathy or empathy anymore but the compleet Debian way of flooding the home dir with data.
There should be some user friendly way to delete user-settings without completly reinstalling the application. (eg when u dont have internet)
The .* directories in the home map are way too complex in names.

greetings

elderpyre (elderpyre) wrote :

As speculated above, can confirm mission-control is holding onto user log in data. After sudo apt-get purge'ing empathy and telepathy-*, mission-control is still left running in memory. I ended up doing 'sudo kill -9 pid' on the mission-control process in question before re-installing empathy, but a reboot of the system would probably do well to clear it as well. So quick recap, I did the following:

Went into Keyring manager GUI and removed entries for offending accounts
Opened terminal and did the following:
sudo apt-get purge empathy
sudo apt-get purge telepathy*
ps aux | grep -i mission
sudo kill -9 4462
ps aux | grep -i mission
sudo rm -rf .config/Empathy/ .gconf/apps/empathy/
sudo apt-get install empathy
sudo apt-get install telepathy-haze

Could have probably avoided going into the keyring and removing entries if I had purged empathy and telepathy first, but didn't think to test it. Not having the mission-control process die on a purge seems like a major over site though.

Changed in empathy:
importance: Unknown → Medium
maxim (maximn) wrote :

Forget holding onto data. I can't even figure out how to restore my previous configuration.

Changed in empathy:
importance: Medium → Unknown
Changed in empathy:
importance: Unknown → Medium
Changed in empathy (Ubuntu):
assignee: Ubuntu Desktop Bugs (desktop-bugs) → nobody
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in telepathy-mission-control-5 (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.