oss-sec mailing list archives
Re: gnome-keyring does not discard stored secrets in some cases
From: Florian Weimer <fweimer () redhat com>
Date: Fri, 11 Jan 2013 10:36:56 +0100
On 01/11/2013 08:38 AM, Kurt Seifried wrote:
> On 01/10/2013 11:45 PM, Florian Weimer wrote:
>> I had trouble finding a caller of this function, but the submitter indicated that gnome-power-manager uses it in older versions:
>> <http://git.gnome.org/browse/gnome-power-manager/tree/src/gpm-control.c?h=gnome-2-32#n162>
>> I'm not sure if this needs a CVE, but it's probably worth fixing anyway.
>
> What security violation occurs/what trust boundary is crossed?
I think the expectation was that key material is discarded on suspend/hibernate. This seems quite desirable for hibernate without encrypted swap.
I've verified that Fedora 17 (GNOME 3.4) does not discard cached keys on suspend and hibernate, either. (Swap is encrypted, though, at least I selected that in the installer.) However, I suspect that users expect that suspend (but perhaps not hibernate) does not discard keys.
-- Florian Weimer / Red Hat Product Security Team