Credentials located in gnome-keyring can be compromised easily
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-keyring (Ubuntu) |
Confirmed
|
Low
|
Unassigned |
Bug Description
Dear all,
I figure out that login credentials, located in gnome-keyring, can be easily compromised.
Linux based on Gnome basically uses ‘gnome-keyring’ as their backend to store login credentials in a secure manner. Specifically, google-chrome browser, network-manager and gnome-online-
To use this, authentication is performed together with gnome-keyring as part of ‘pam-gnome-
(please check PoC source https:/
The issue is different from the content shown on the Ubuntu Security FAQ and GnomeKeyring Wiki [1][2]. It was even said that “PAM session is closed via the screensaver, all keyrings are locked, and the ‘login’ keyring is unlocked upon successful authentication to the screensaver”. After trying to crack the keyring, it was far from what they really thought. It is no different than plain text file for login credentials somewhere on disk.
To deal with, the root cause of the problem is that ‘Secret Service API’ on anyone can be easily accessed on DBus API. If access control is enabled, only well-known? or authorized processes, such as google-chrome, network-manager, and gnome-online-
DBus originally provides capability that is essential to access control of DBus API by defining security policy as a form of *.conf file. Currently, various services based on DBus interface are employing above security policy feature to perform access control. For example, login/system related functions is controlled from ‘login1’ and its security policy is described in “org.freedeskto
Likewise, why don’t we try adopting the access control of secret service API into gnome-keyring environment?
Due to the fact that a process with root privilege can access “.conf” file, an approved program may only update the target file during installation process
Here is really simple ‘org.freedeskto
=======
<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop
"http://
<busconfig>
<policy context="default">
<deny receive_sender="*"
<!-- allow access to seahorse application (formerly keyring manager) -->
<allow receive_
<!-- allow access to network-manager -->
<deny receive_
<!-- allow access to gnome-online-
<deny receive_
</policy>
</busconfig>
=======
Many Thanks!!
[1] https:/
[2] https:/
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gnome-keyring 3.28.0.2-1ubuntu1
ProcVersionSign
Uname: Linux 4.15.0-20-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Thu Jul 5 17:45:22 2018
InstallationDate: Installed on 2018-07-06 (0 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnome-keyring
UpgradeStatus: No upgrade log present (probably fresh install)
description: | updated |
information type: | Public → Private Security |
information type: | Private Security → Public Security |
Changed in gnome-keyring (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Low |
The issue looks similar to the well known https:/ /bugzilla. gnome.org/ show_bug. cgi?id= 551036