Bug#683655: gnome-keyring: gpg passphrase cached forever
Julien Cristau
jcristau at debian.org
Thu Aug 2 14:47:23 UTC 2012
Package: gnome-keyring
Version: 3.4.1-4
Severity: grave
Tags: security
Justification: user security hole

At some point gnome-keyring seemed to obey the configuration asking it
to stop caching passphrases after a while. It no longer does.

$ gsettings list-recursively org.gnome.crypto.cache
org.gnome.crypto.cache gpg-cache-authorize false
org.gnome.crypto.cache gpg-cache-method 'idle'
org.gnome.crypto.cache gpg-cache-ttl 600

Yet I'm never asked for the passphrase again.

Cheers,
Julien

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'stable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnome-keyring depends on:
ii dbus-x11 1.6.2-2
ii dconf-gsettings-backend [gsettings-backend] 0.12.1-2
ii gcr 3.4.1-3
ii libc6 2.13-35
ii libcap-ng0 0.6.6-2
ii libcap2-bin 1:2.22-1.1
ii libdbus-1-3 1.6.2-2
ii libgck-1-0 3.4.1-3
ii libgcr-3-1 3.4.1-3
ii libgcrypt11 1.5.0-3
ii libglib2.0-0 2.32.3-1
ii libgtk-3-0 3.4.2-2

Versions of packages gnome-keyring recommends:
ii libpam-gnome-keyring 3.4.1-4

gnome-keyring suggests no packages.

-- no debconf information