Ubuntu
gnome-session package

Mystery keyring password prompts pop up for no reason

Bug #1474182 reported by jimav
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
gnome-session (Ubuntu)
Invalid
High
Unassigned

Bug Description

A prompt box periodically pops up for no apparent reason asking me for my default keyring password. If I click Cancel, it re-appears again after a few minutes. There is absolutely no information about what program is asking or why. Is this a phishing scam?!?

I'm marking this as "security vulnerability" because the "mystery" prompt is asking for extremely sensitive information which users should not give out without knowing what program will use it.

* My homedir is not encrypted
* I do use automatic login, but it succeeded and everything works, including network.
* My system has slept/resumed a few times (don't know if that's relevant)
* I use a wired Ethernet connection, not WiFi (so no password is needed for network access).
* I am not running any commands that I know of which use encryption or require access to my private keys.

Since I am not doing anything which actually requires my private key, something is asking to unlock the keyring wrongly;

Or else a background process (or trojan) is trying to communicate with somebody behind my back, using my private keys.

This seems to be new (REGRESSION) as of 15.04, it did not occur before upgrading.

The programs I *am* running are:
 * Firefox
 * Thunderbird (I typed in it's Master Password previously, and it is working fine)
 * Terminals
 * A Java based web app (Interactive Brokers Trader Workstation)

/var/log/auth.log contains the following:

<username>: Executing command [USER=root] [TTY=unknown] [CWD=/home/<username>] [COMMAND=/usr/lib/update-notifier/package-system-locked]
bus acquired: org.gnome.keyring.SystemPrompter
Gcr: registering prompter
bus acquired: org.gnome.keyring.PrivatePrompter
Gcr: received BeginPrompting call from callback /org/gnome/keyring/Prompt/p22@:1.259
Gcr: preparing a prompt for callback /org/gnome/keyring/Prompt/p22@:1.259
Gcr: creating new GcrPromptDialog prompt
Gcr: automatically selecting secret exchange protocol
Gcr: generating public key
Gcr: beginning the secret exchange: [sx-aes-1]\npublic=RnT9opj6kZDvJpr8QyIBH4DE/xn3wid1Di7mdEuIgT/GCBA1mLB3VdsldoT6WMdJeD15xlSIvvmAiLLR59dffthvV+cifN3K1WoJhFdBDSiBLmkI4wfGXEnQTmJn7iZfyGWsIVqL5cSgG3AEMGKgY4ORzBARp8TLqjnfnoJB3YSh/gNFVs5OT5pCATNeaDN1mx9LzOCuCSwVDXIIY6uV8sjhBpBvQQCNNEV960L2pZYvGsBYMKeriKxvZAJfiO04\n
Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p22@:1.259
acquired name: org.gnome.keyring.SystemPrompter
acquired name: org.gnome.keyring.PrivatePrompter
Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p22@:1.259
Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p22@:1.259
Gcr: receiving secret exchange: [sx-aes-1]\npublic=RL9s/tyPJRw80JDQNBGC+0uQxXfk1uAvJH9XoAULcI4ys/b/Rfz9QNvujXVlhp02Yot7S7K6l5KLBc3i6Ry9SPECjeDm6Y5E4Ry43OmOKjBf7JBUcUvrzfUvwJ87YZ0fYCW8j9nDgrBxt1utCOUDJDHVVANdIK8CMIEXnffiKYjsPq8yjueenqdnM+G8VUoBke8U1Bmc0IHs8elTBBWnoeLQdpnLcpn7k245vO5V4w8Gl3ZZtYrw7t6xxZstRAXR\n
Gcr: deriving shared transport key
Gcr: deriving transport key
Gcr: starting password prompt for callback /org/gnome/keyring/Prompt/p22@:1.259
Gtk: GtkDialog mapped without a transient parent. This is discouraged.
Gcr: completed password prompt for callback :1.259@/org/gnome/keyring/Prompt/p22
Gcr: sending the secret exchange: [sx-aes-1]\npublic=RnT9opj6kZDvJpr8QyIBH4DE/xn3wid1Di7mdEuIgT/GCBA1mLB3VdsldoT6WMdJeD15xlSIvvmAiLLR59dffthvV+cifN3K1WoJhFdBDSiBLmkI4wfGXEnQTmJn7iZfyGWsIVqL5cSgG3AEMGKgY4ORzBARp8TLqjnfnoJB3YSh/gNFVs5OT5pCATNeaDN1mx9LzOCuCSwVDXIIY6uV8sjhBpBvQQCNNEV960L2pZYvGsBYMKeriKxvZAJfiO04\n
Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p22@:1.259
Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p22@:1.259
Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p22@:1.259
Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p22@:1.259
Gcr: closing the prompt

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: gnome-session-bin 3.14.0-2ubuntu5
ProcVersionSignature: Ubuntu 3.19.0-23.24-generic 3.19.8-ckt2
Uname: Linux 3.19.0-23-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Jul 13 18:56:02 2015
InstallationDate: Installed on 2013-08-06 (707 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
SourcePackage: gnome-session
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
jimav (james-avera) wrote :
jimav (james-avera)
information type: Private Security → Public
Revision history for this message
Seth Arnold (seth-arnold) wrote :

I suspect it is Ubuntu One:

Jul 13 17:55:16 hostname org.gnome.keyring.SystemPrompter[1889]: Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
Jul 13 17:55:18 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error

$ grep "credential error" JournalErrors.txt
Jul 11 12:49:22 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 11 12:49:22 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 11 12:49:44 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 11 12:49:44 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 12 19:08:56 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 12 19:14:44 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 13 11:34:53 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 13 11:38:02 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 13 17:50:19 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 13 17:55:18 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 13 18:17:27 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 13 18:44:22 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error
Jul 13 18:50:08 hostname com.ubuntu.OneConf[1889]: ERROR:oneconf.networksync.ssohandler:credential error

These errors would certainly correspond with "every few minutes" and, if actually accompanied with a dialog box, would be often enough to be insanely frustrating.

If there's something to configure in the system settings | Online Accounts, there might be an easy way to fix this; if not, I might be tempted to try apt-get purge account-plugin-ubuntuone and see what happens from there.

Revision history for this message
jimav (james-avera) wrote :

So how can this be stoped? It is making my system almost unusable.

Searching the Dash for "one" or "cloud" turns up no hits for apps or config options.

Alternatively: How can I turn on/find log info which will pinpoint who is asking for the keyring to be unlocked?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-session (Ubuntu):
status: New → Confirmed
Revision history for this message
Colin Law (colin-law) wrote :

I am also seeing this (on 15.04), it started happening a few weeks ago. As suggested above it is associated with oneconf. Immediately before the popup appears (or as it appears) data in .cache/oneconf/..../package_list_... and host are updated and after a valid pwd is entered last_sync is updated. In auth.log the following is seen after entering the pwd

Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: completed password prompt for callback :1.96@/org/gnome/keyring/Prompt/p1
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: encrypting data
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: sending the secret exchange: [sx-aes-1]\npublic=[snipped]
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.96
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.96
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p1@:1.96
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.96
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: closing the prompt
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.96
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.96
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.96
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.96
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.96
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.96
Aug 31 07:54:40 tigger gcr-prompter[4444]: Gcr: calling the PromptDone on /org/gnome/keyring/Prompt/p1@:1.96, and ignoring reply
Aug 31 07:54:50 tigger gcr-prompter[4444]: 10 second inactivity timeout, quitting
Aug 31 07:54:50 tigger gcr-prompter[4444]: Gcr: unregistering prompter
Aug 31 07:54:50 tigger gcr-prompter[4444]: Gcr: disposing prompter
Aug 31 07:54:50 tigger gcr-prompter[4444]: Gcr: finalizing prompter

Alberto Salvia Novella (es20490446e)
Changed in gnome-session (Ubuntu):
importance: Undecided → High
Revision history for this message
Daniel van Vugt (vanvugt) wrote :

Thank you for reporting this bug to Ubuntu.
Ubuntu 15.04 (vivid) reached end-of-life on February 4, 2016.

See this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases

We appreciate that this bug may be old and you might not be interested in discussing it any more. But if you are then please upgrade to the latest Ubuntu version and re-test. If you then find the bug is still present in the newer Ubuntu version, please add a comment here telling us which new version it is in and change the bug status to Confirmed.

Changed in gnome-session (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.