Bug#848902: seahorse: Stores keyring passwords in the login keyring by default
Lars Luthman
deb-bugs at larsluthman.net
Tue Dec 20 16:43:45 UTC 2016
Package: seahorse
Version: 3.14.0-2
Severity: important

Dear Maintainer,

when unlocking a keyring (other than the login keyring) in Seahorse the
password entry dialog has a checkbox labeled 'Automatically unlock this
keyring whenever I'm logged in'. If you enter the password and hit enter
with this box checked the password for the keyring will be stored in the
login keyring, and the other keyring will in the future be unlocked without
the user having to enter a password. The box is checked by default every
time the password entry dialog appears.

Since forgetting to uncheck it just once will cause the password to be stored
in the login keyring, making the extra security of keeping a separate keyring
severely reduced, I don't think it should be checked by default. It should
either be unchecked every time the password entry dialog appears (since it
will never appear again once you have stored the keyring password in the login
keyring, that seems reasonable), or it should at the very least remember that
the user unchecked it last time and not automatically check it again.

Making this even worse, the stored keyring password won't appear in the
Seahorse GUI for the login keyring until you have restarted Seahorse, but it
will definitely be stored in the keyring.

I set the severity to 'Important' because I think this bug can fool a user into
inadvertently reducing the security of their stored secrets.

-- System Information:
Debian Release: 8.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 4.7.0-0.bpo.1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages seahorse depends on:
ii dconf-gsettings-backend [gsettings-backend] 0.22.0-1
ii gcr 3.14.0-2
ii gnome-keyring 3.14.0-1+b1
ii gnupg 1.4.18-7+deb8u3
ii libassuan0 2.1.2-2
ii libatk1.0-0 2.14.0-1
ii libavahi-client3 0.6.31-5
ii libavahi-common3 0.6.31-5
ii libavahi-glib1 0.6.31-5
ii libc6 2.19-18+deb8u6
ii libcairo-gobject2 1.14.0-2.1+deb8u1
ii libcairo2 1.14.0-2.1+deb8u1
ii libgck-1-0 3.14.0-2
ii libgcr-base-3-1 3.14.0-2
ii libgcr-ui-3-1 3.14.0-2
ii libgdk-pixbuf2.0-0 2.31.1-2+deb8u5
ii libglib2.0-0 2.42.1-1+b1
ii libgpg-error0 1.17-3
ii libgpgme11 1.5.1-6
ii libgtk-3-0 3.14.5-1+deb8u1
ii libldap-2.4-2 2.4.40+dfsg-1+deb8u2
ii libp11-kit0 0.20.7-1
ii libpango-1.0-0 1.36.8-3
ii libpangocairo-1.0-0 1.36.8-3
ii libsecret-1-0 0.18-1+b1
ii libsoup2.4-1 2.48.0-1
Versions of packages seahorse recommends:
ii openssh-client 1:6.7p1-5+deb8u3
seahorse suggests no packages.
-- no debconf information