Bug#728312: libpam-gnome-keyring: does not properly kill gnome-keyring-daemon before exit, race condition causes pam umount fail
Chris Bainbridge
chris.bainbridge at gmail.com
Wed Oct 30 14:23:11 UTC 2013
Package: libpam-gnome-keyring
Version: 3.4.1-5
Severity: critical
Tags: upstream security
Justification: root security hole
Dear Maintainer,
The problem: at logout using pam-mount to umount an encrypted disk fails on
Debian Wheezy because gnome-keyring-daemon has an open socket at
~/.cache/keyring-xxxxxx/control and hasn't been killed properly. This is a security
issue because the encrypted disk does not get unmounted but the user will not
be aware of this.
The problem is that in pam/gkr-pam-module.c stop_daemon() sends SIGTERM to the
gnome-keyring-daemon process instead of SIGKILL, i.e. just requesting shutdown
and ensuring the process is really dead. This means that when
pam_gnome_keyring.so returns from pam_close_session() the daemon is sometimes
still running (race condition). Since the daemon has an open socket in the
user's home directory, pam_mount's umount call will fail.
This was observed under lightdm and XFCE, but should also affect other systems
that use pam-gnome-keyring and pam-mount together.
Fix: replacing SIGTERM with SIGKILL in the source fixes the issue. You may want
to use SIGTERM/sleep/if(alive) SIGKILL to give the daemon a chance to exit
properly.
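The SIGTERM/sleep/if-alive-then-SIGKILL sequence suggested above, as an added example written for this page (it is neither gnome-keyring's stop_daemon() nor the reporter's code); the function names, the 10 ms poll and the fake-daemon helper are assumptions made for the demonstration.

```c
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* True once pid is gone; reaps it first if it is our child, since a zombie
 * would otherwise still answer kill(pid, 0) and look alive. */
static int process_gone(pid_t pid)
{
    int status;
    pid_t r = waitpid(pid, &status, WNOHANG);
    if (r == pid)
        return 1;                           /* our child, now reaped */
    if (r == -1 && errno != ECHILD)
        return 0;                           /* unexpected error: assume alive */
    return kill(pid, 0) == -1 && errno == ESRCH; /* re-parented daemon */
}

/* SIGTERM, wait up to grace_ms, then SIGKILL and wait again. Returns 0 if
 * SIGTERM sufficed, 1 if SIGKILL was needed, -1 if the process survives. */
int stop_daemon_reliably(pid_t pid, int grace_ms)
{
    struct timespec ts = { 0, 10 * 1000000L };  /* 10 ms poll interval */
    int escalated = 0, waited = 0;
    if (pid <= 0 || (kill(pid, SIGTERM) == -1 && errno != ESRCH))
        return -1;
    while (!process_gone(pid)) {
        if (waited >= grace_ms) {               /* grace period is over */
            if (escalated)
                return -1;                      /* even SIGKILL did not work */
            kill(pid, SIGKILL);
            escalated = 1;
            waited = 0;
        }
        nanosleep(&ts, NULL);
        waited += 10;
    }
    return escalated;
}

/* Constructed stand-in for the daemon: a child that honours or ignores
 * SIGTERM. Disposition is set before fork() so the child inherits it. */
pid_t spawn_fake_daemon(int ignore_term)
{
    void (*old)(int) = signal(SIGTERM, ignore_term ? SIG_IGN : SIG_DFL);
    pid_t pid = fork();
    if (pid == 0) for (;;) pause();
    signal(SIGTERM, old);                       /* restore parent's handler */
    return pid;
}
```

Only once stop_daemon_reliably() has returned 0 or 1 is it safe for pam_close_session() to return, because the control socket in the user's home directory is guaranteed closed and the later umount is not racing against a still-running daemon.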
Relevant discussion thread: http://sourceforge.net/p/pam-mount/mailman/message/31580148/
-- System Information:
Debian Release: 7.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-486
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libpam-gnome-keyring depends on:
ii libc6 2.13-38
ii libpam-runtime 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libselinux1 2.1.9-5
Versions of packages libpam-gnome-keyring recommends:
ii gnome-keyring 3.4.1-5
libpam-gnome-keyring suggests no packages.
-- no debconf information