Bug#956045: gnome-keyring: several cryptographic vulnerabilities
Daiki Ueno
ueno at gnu.org
Tue Apr 7 14:45:20 BST 2020
"brian m. carlson" <sandals at crustytoothpaste.net> writes:
> First, the code to verify the integrity hash is done with memcmp. This
> is not safe against timing attacks, so an attacker can tamper with the
> data and determine how much of the hash matches based on the amount of
> time it takes[0]. This comparison should be done in a constant-time
> way.
>
> [0] This can be a problem with an untrusted container with the user's
> home directory mounted in it. There's documentation for VS Code that
> tells people how to do exactly this, so it's clearly a common situation.
Could you elaborate which document you are referring to? I'm wondering
how it can be a problem provided that VS Code and gnome-keyring-daemon
are running as a separate process. I believe that both snap and flatpak
provide a process isolation mechanism.
> This was originally reported to the Debian Security Team on February 3,
> but they were unable to issue a CVE, so I reported it to the GNOME
> Security Team on February 4. The response was the gnome-keyring team is
> "aware of those issues" but they "don't think those issues are severe
> enough to urge an immediate fix" and plan to address them at an
> unspecified point in the future.
It's a bit disappointing that you didn't quote the full response with
the additional context. Here it goes, for reference:
--8<---------------cut here---------------start------------->8---
Hello Brian,
First, thank you for reaching out to us. We were aware of those issues
and have been piloting a new keyring format in libsecret[1], that should
address most of them, aiming at eventually merging it back to
gnome-keyring.
That said, we don't think those issues are severe enough to urge an
immediate fix. I'm also particularly concerned with the use of AES-GCM
you suggested for encrypting data at rest, considering its brittleness
in terms of nonce reuse, and that using a key wrapping algorithm would
be more appropriate for certification purposes[2].
Footnotes:
[1]
https://opensource.com/article/19/11/secrets-management-flatpak-applications
[2] https://phabricator.services.mozilla.com/D54589#1662092
Regards,
--8<---------------cut here---------------end--------------->8---
More information about the pkg-gnome-maintainers
mailing list