Bug#956045: gnome-keyring: several cryptographic vulnerabilities

brian m. carlson sandals at crustytoothpaste.net
Wed Apr 8 00:13:04 BST 2020 

On 2020-04-07 at 13:45:20, Daiki Ueno wrote:
> "brian m. carlson" <sandals at crustytoothpaste.net> writes:
> 
> > First, the code to verify the integrity hash is done with memcmp.  This
> > is not safe against timing attacks, so an attacker can tamper with the
> > data and determine how much of the hash matches based on the amount of
> > time it takes[0].  This comparison should be done in a constant-time
> > way.
> >
> > [0] This can be a problem with an untrusted container with the user's
> > home directory mounted in it.  There's documentation for VS Code that
> > tells people how to do exactly this, so it's clearly a common situation.
> 
> Could you elaborate which document you are referring to?  I'm wondering
> how it can be a problem provided that VS Code and gnome-keyring-daemon
> are running as a separate process.  I believe that both snap and flatpak
> provide a process isolation mechanism.

The document at [0] provides documentation on how to mount your home
directory into containers.  It is well known that people download
containers using Docker that are not audited and may contain malware[1].

[2] is an example of a cross-VM cryptographic timing attack, which can
also be applied across processes.  Other timing attacks are known even
across networks.

It is, in general, not safe to assume that any timing attack is
unexploitable.

> > This was originally reported to the Debian Security Team on February 3,
> > but they were unable to issue a CVE, so I reported it to the GNOME
> > Security Team on February 4.  The response was the gnome-keyring team is
> > "aware of those issues" but they "don't think those issues are severe
> > enough to urge an immediate fix" and plan to address them at an
> > unspecified point in the future.
> 
> It's a bit disappointing that you didn't quote the full response with
> the additional context.  Here it goes, for reference:

I believe my report substantially mentioned the relevant points, which
are that

* you are aware of the issues;
* you don't see the issues as warranting an immediate fix; and
* you are working on a plan to address them in gnome-keyring, but the
  point at which they will be fixed is not presently specified.

It was my intention to fairly and accurately present the substance of
your comments as relevant to the bug report without quoting the full
email.  I didn't wish to include the full contents of a private
discussion, some of which would not have even made sense without
additional email context that was not relevant to the bug report.

My response stated my position, which is that letting security
vulnerabilities linger unfixed long term is not in the public interest.
I appreciate that fixing this may be nontrivial, but a prompt and timely
security response is essential.  If I discovered the vulnerabilities,
others probably have, too, and users deserve secure software.

[0] https://code.visualstudio.com/docs/remote/containers
[1] https://www.theregister.co.uk/2017/07/28/malware_docker_containers/
[2] https://blog.cryptographyengineering.com/2012/10/27/attack-of-week-cross-vm-timing-attacks/
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20200407/4ca39ecc/attachment-0001.sig>

More information about the pkg-gnome-maintainers mailing list