Bug#1018899: gcr-prompter dumps secrets in syslog/journald
Simon McVittie
smcv at debian.org
Sun Sep 4 21:50:51 BST 2022
On Thu, 01 Sep 2022 at 14:22:45 -0400, Antoine Beaupre wrote:
> The bits marked [REDACTED] actually contains what looks like some sort
> of secret key.
As discussed on IRC, I *think* it's the public part of an asymmetric
keypair, which would reduce the severity of this bug, but it still seems
like a valid bug (gcr-prompter shouldn't be writing g_debug()-level logging
to syslog).
> I'm using a weird desktop here: i3wm started from systemd, with *some*
> GNOME bits (e.g. network-manager and nm-applet, for example).
This bug is probably only applicable in desktop environments that don't
provide an integrated libsecret prompt (not GNOME, and possibly also not
other major desktop environments like Plasma).
smcv
More information about the pkg-gnome-maintainers
mailing list