"An application wants access to the keyring" (*which* application is not specified)

Bug #1293790 reported by stimpy77 on 2014-03-17
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnome-keyring (Ubuntu)

Bug Description

I have Ubuntu 13.10 Desktop installed. I am being prompted with this message: "Title: 'Unlock Keyring' - An application wants access to the keyring 'default', but it is locked. Password? [____]" Note that in this case there is no "Details >" expansion control, no "reveal more", no button to "view details" etc.

This is not an unfamiliar message, similar concepts exist for both Windows and Mac, and the behavior derives from earlier forms of Linux. The idea of a keyring specifically is something I used on the Mac.

I have some beef with this message in Ubuntu's form, however. What application is requesting this? Accessing a keyring with a password is asking for a Master password, one password to rule them all. One cannot, and should not, just hand out this master password to any application. So what application wants access to the keyring??

IMO this failure to disclose who is asking for the master password is critically bad security.

Seth Arnold (seth-arnold) wrote :

Agreed, the dialog is annoying. 'update-manager' isn't the correct component though, as I see this dialog often with workflows that don't use the update manager.

information type: Private Security → Public Security
stimpy77 (e-jon) wrote :

As the OP'r for the record I'm not concerned about the "annoyance" of the dialog--that is a separate concern that I came to realize my actions contribute to the problem by choosing to auto-login. My concern is with the security vulnerability in not disclosing which app is requesting the master password. That is an unacceptable UI pattern going forward.

affects: update-manager (Ubuntu) → gnome-keyring (Ubuntu)
stimpy77 (e-jon) wrote :

Re: This bug report is a duplicate of: Bug #246185

I had only been on Ubuntu Desktop for hours before deciding to set up my account to post this bug as I consider it pretty serious. You mean to tell me this has been a known problem since seven years ago, and the problem still exists? Does anybody else use this thing?
Retracting my recommendation ...

Sebastien Bacher (seb128) wrote :

read https://bugzilla.gnome.org/show_bug.cgi?id=574315 for specifics details on why having the label/app name wouldn't help much, if you are interested

stimpy77 (e-jon) wrote :

Yeah. "At this point putting up a label for which application is accessing the secret
isn't that easy, and it's very hard to get it completely right. It would be
nice to get this working, but unless someone pitches in with a plan/code, it's
currently at a lower priority than other gnome-keyring work."

.. the way I read that is, ..

"Sorry, it turns out that even though we know that 'an application' wants to gain access to the keyring, it's too hawrd to figure out how to track that. So, we're putting this off. Indefinitely."

Open source developers. Gotta love 'em. (Yes this is a snide remark. I'm embarrassed for these people. A desktop OS exists FOR A USER. So if a security message cannot be properly constructing its message because to properly construct its message is too hawrd, the message should not be shown. Redesign the keyring feature or drop the feature.)

Seth Arnold (seth-arnold) wrote :

Stimpy, I came to a different conclusion from the upstream bug report.

The problem isn't figuring out which _one_ application wants the key, it's that the key will be available to _all_ the desktop applications.

Fixing this issue will take significant work -- switching to Mir or Wayland, for a start -- and providing mandatory access control policies for desktop applications.

The problem isn't just with the message presented to the user.


stimpy77 (e-jon) wrote :

I picked up on that too. This is why I said, "Redesign the keyring feature or drop the feature." Unlocking for all apps is already happening, and already a security vulnerability. But since *that* issue is a different bug, the least you can do is communicate which application is requesting access, *and* inform the user that clicking "Allow" will also unlock the keyring for other applications. Full disclosure. Why the secrecy? It's just another sentence, not like it means writing a book to the user. Give the user enough information to decide whether to click 'Allow' or not. Or, simply, drop the keyring feature.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.