oss-sec mailing list archives
Re: gnome-keyring does not discard stored secrets in some cases
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 17 Jan 2013 06:27:47 +0100
* Kurt Seifried:
>> I've verified that Fedora 17 (GNOME 3.4) does not discard cached keys
>> on suspend and hibernate, either. (Swap is encrypted, though, at least
>> I selected that in the installer.) However, I suspect that users
>> expect that suspend (but perhaps not hibernate) does not discard keys.
>
> Just to confirm, is this behavior documented at all in the gnome
> keyring documentation (e.g. that it does or doesn't do it)? Thanks.

I think the clearest part is
<https://live.gnome.org/GnomeKeyring/SecurityPhilosophy>, which
proclaims:

| * Try to keep your secrets from being swapped out or otherwise
|   written to disk.
| * Hunkering down and discarding all secrets when your computer is
|   locked.

The documentation for gnome_keyring_lock_all_sync
<http://developer.gnome.org/gnome-keyring/unstable/gnome-keyring-Keyrings.html#gnome-keyring-lock-all-sync>
says:

| Lock all the keyrings, so that their contents may not be accessed
| without first unlocking them with a password.

In addition,
<http://developer.gnome.org/gnome-keyring/unstable/gnome-keyring-Non-pageable-Memory.html>
suggests that locked memory is never written to disk. This is not
true with hibernation.
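
An added example, not part of the original message and not gnome-keyring code: a minimal secret cache that uses mlock() to stay out of swap and also wipes itself on session events, since mlock() alone does not keep pages out of a hibernation image. All names here (`secret_cache`, `cache_on_event`, the `EV_*` events, the `keep_on_suspend` policy flag) are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical names throughout; this is not gnome-keyring's API. */
enum session_event { EV_SCREEN_LOCK, EV_SUSPEND, EV_HIBERNATE };

struct secret_cache {
    unsigned char buf[256]; /* cached key material */
    size_t used;            /* bytes of buf currently holding a secret */
    int locked;             /* 1 if mlock() succeeded */
    int keep_on_suspend;    /* policy: keep keys across suspend-to-RAM */
};

void cache_init(struct secret_cache *c, int keep_on_suspend) {
    memset(c, 0, sizeof *c);
    c->keep_on_suspend = keep_on_suspend;
    /* mlock() keeps the pages out of swap only; it can fail under
       RLIMIT_MEMLOCK, so the result is recorded rather than assumed. */
    c->locked = (mlock(c->buf, sizeof c->buf) == 0);
}

int cache_store(struct secret_cache *c, const void *secret, size_t n) {
    if (n > sizeof c->buf) return -1;
    memcpy(c->buf, secret, n);
    c->used = n;
    return 0;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
void cache_discard(struct secret_cache *c) {
    volatile unsigned char *p = c->buf;
    for (size_t i = 0; i < sizeof c->buf; i++) p[i] = 0;
    c->used = 0;
}

/* Returns 1 if the secrets were discarded for this event, 0 if kept. */
int cache_on_event(struct secret_cache *c, enum session_event ev) {
    /* Hibernation saves all RAM, mlock()ed pages included, to disk, so the
       cache is always emptied before it; screen lock discards as well. */
    if (ev == EV_SUSPEND && c->keep_on_suspend) return 0;
    cache_discard(c);
    return 1;
}

int cache_is_empty(const struct secret_cache *c) {
    for (size_t i = 0; i < sizeof c->buf; i++)
        if (c->buf[i]) return 0;
    return c->used == 0;
}
```
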