Bug#472477: ssh-add -D does not remove SSH key from gnome-keyring-daemon memory
Arnaud Cornet
acornet at debian.org
Mon Mar 24 14:26:01 UTC 2008
Package: gnome-keyring
Version: 2.22.0-2
Severity: important
Steps to reproduce:
# ssh-add -l
1024 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
# ssh-add -D
All identities removed.
# ssh-add -l
1024 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
I am still able to log in with this key afterwards.
This is a security issue since gnome-keyring-daemon seems to have
transparently taken over ssh-agent. One might think he's key is unloaded
after a ssh-add -D while it's not.
I cannot even find a way to remove the key in gnome-keyring-manager GUI.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages gnome-keyring depends on:
ii gconf2 2.22.0-1 GNOME configuration database syste
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libc6 2.7-9 GNU C Library: Shared libraries
ii libcairo2 1.4.14-1 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.1.20-1 simple interprocess messaging syst
ii libgconf2-4 2.22.0-1 GNOME configuration database syste
ii libgcrypt11 1.4.0-3 LGPL Crypto library - runtime libr
ii libglib2.0-0 2.16.1-2 The GLib library of C routines
ii libgtk2.0-0 2.12.9-2 The GTK+ graphical user interface
ii libhal-storage1 0.5.11~rc2-1 Hardware Abstraction Layer - share
ii libhal1 0.5.11~rc2-1 Hardware Abstraction Layer - share
ii libpango1.0-0 1.20.0-1 Layout and rendering of internatio
ii libtasn1-3 1.3-1 Manage ASN.1 structures (runtime)
Versions of packages gnome-keyring recommends:
ii libpam-gnome-keyring 2.22.0-2 PAM module to unlock the GNOME key
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list