Bug#472477: ssh-add -D does not remove SSH key from gnome-keyring-daemon memory

Arnaud Cornet acornet at debian.org
Mon Mar 24 14:26:01 UTC 2008


Package: gnome-keyring
Version: 2.22.0-2
Severity: important

Steps to reproduce:
# ssh-add -l
1024 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
# ssh-add -D
All identities removed.
# ssh-add -l
1024 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

I am still able to log in with this key afterwards.

This is a security issue since gnome-keyring-daemon seems to have
transparently taken over ssh-agent. One might think his key is unloaded
after an ssh-add -D while it's not.

I cannot even find a way to remove the key in gnome-keyring-manager GUI.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnome-keyring depends on:
ii  gconf2                      2.22.0-1     GNOME configuration database syste
ii  libatk1.0-0                 1.22.0-1     The ATK accessibility toolkit
ii  libc6                       2.7-9        GNU C Library: Shared libraries
ii  libcairo2                   1.4.14-1     The Cairo 2D vector graphics libra
ii  libdbus-1-3                 1.1.20-1     simple interprocess messaging syst
ii  libgconf2-4                 2.22.0-1     GNOME configuration database syste
ii  libgcrypt11                 1.4.0-3      LGPL Crypto library - runtime libr
ii  libglib2.0-0                2.16.1-2     The GLib library of C routines
ii  libgtk2.0-0                 2.12.9-2     The GTK+ graphical user interface 
ii  libhal-storage1             0.5.11~rc2-1 Hardware Abstraction Layer - share
ii  libhal1                     0.5.11~rc2-1 Hardware Abstraction Layer - share
ii  libpango1.0-0               1.20.0-1     Layout and rendering of internatio
ii  libtasn1-3                  1.3-1        Manage ASN.1 structures (runtime)

Versions of packages gnome-keyring recommends:
ii  libpam-gnome-keyring          2.22.0-2   PAM module to unlock the GNOME key

-- no debconf information
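
A check for the behaviour reported above, as an added example that is not part of the original report or of gnome-keyring: it runs ssh-add -D and then trusts only what a fresh ssh-add -l says, instead of the "All identities removed." message. The SSH_ADD variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report). SSH_ADD is an assumption of this
# sketch: it names the ssh-add command so a stub can stand in for it.
SSH_ADD="${SSH_ADD:-ssh-add}"

# Print how many identities the agent lists. ssh-add exits 0 when it lists
# keys, 1 when the agent has no identities, 2 when no agent can be contacted.
agent_key_count() {
    out=$("$SSH_ADD" -l 2>/dev/null) && status=0 || status=$?
    case "$status" in
        0) printf '%s\n' "$out" | grep -c . || true ;;
        1) echo 0 ;;
        *) return 2 ;;
    esac
}

# Run "ssh-add -D", then believe only what a fresh "ssh-add -l" reports.
# Returns 0 = agent empty, 1 = keys still loaded, 2 = agent unreachable.
flush_and_verify() {
    before=$(agent_key_count) || { echo "cannot contact agent" >&2; return 2; }
    "$SSH_ADD" -D >/dev/null 2>&1 || true
    after=$(agent_key_count) || { echo "cannot contact agent" >&2; return 2; }
    if [ "$after" -gt 0 ]; then
        echo "WARNING: $after of $before key(s) still loaded after ssh-add -D" >&2
        echo "agent socket: ${SSH_AUTH_SOCK:-unset}" >&2
        return 1
    fi
    echo "agent empty ($before key(s) removed)"
    return 0
}

# Run the check only when invoked as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    flush_and_verify
    exit $?
fi
```

The socket path printed on failure shows which agent is actually answering on SSH_AUTH_SOCK, which is the first thing to look at when another daemon has taken over from ssh-agent.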





