[pkg-gnupg-maint] Bug#842334: Bug#842334: Needs an X display to run?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Oct 28 19:11:30 UTC 2016


Control: tags 842334 - moreinfo unreproducible
Control: clone 842334 -1
Control: reassign -1 lxdm 0.5.3-1
Control: retitle -1 lxdm allows user to retain control over X11 session after logout
Control: tags -1 + security
Control: forcemerge 841909 842334

Thanks for your quick response, Julien.

On Fri 2016-10-28 13:39:26 -0400, Julien Puydt wrote:
> On 28/10/2016 18:55, Daniel Kahn Gillmor wrote:
> I'm using mosh to connect to a tmux session. In that tmux session, there 
> is a window with a "TMUX= ssh-agent tmux", where my ~/.ssh/debian key is 
> ssh-add-ed.

I don't see how the ssh-agent stuff is relevant to this discussion, so
i'm going to ignore it for now.

> This is the terminal I use to work on Debian packaging, and in
> particular, to run "gbp buildpackage -S -kdebian", which until
> recently showed me a curses window.

ok, makes sense.

>> In particular answers to any or all of the questions below would help me
>> understand your use case:
>>
>>  * what versions of pinentry do you have installed?
>
> pinentry-gnome3, 0.9.7-6
>
>>  * do you have dbus-user-session installed?
>
> Yes, version 1.10.12-1.
>
>>  * which version of pinentry is the default pinentry?
>
> It's pinentry-gnome3, from src:pinentry version 0.9.7-6, as above : I 
> don't think I have another one.

Thanks, these are useful details.

>>  * is there a concurrent graphical (X11) session running for the user
>>    account that you're using?
>
> When there is or has been such a session, then I get an X window (even
> in lxdm's login screen after logout : that point is a security
> issue!).

This is definitely a bug, and a security one at that.  I'm assuming
you're running lxdm 0.5.3-1, and i've cloned and assigned this bug to
that package.  Please adjust the cloned bug in case any of those details
are wrong.  I don't have anything running lxdm at the moment to test
with.

> If not I get an error trying to sign, but no curses window.
 [...]
> If I kill dbus instances running as my user, then I get an error, so 
> indeed it's the fact that there's a still-running dbus that makes it 
> possible to display an X window. And that is already wrong, because I'm
> not supposed to access the lxdm session screen as a user.
>
> I took your 0011 patch and added it to the package, then installed it : 
> I now get the curses window...

ok, that's a win, thanks!

> even when I run a gpg command inside an xterm within a lxsession, in
> which case I would have expected an X11 window.

hm, this doesn't make sense to me.  Was this after you killed your dbus
session?  If so, that would certainly explain the fallback.  But if your
dbus session was live and your lxsession was running and you have gcr
installed, i would have expected any gpg command inside an xterm within
an lxsession to trigger the gcr graphical prompt instead of a curses
prompt.

Can you confirm the situation here?

    --dkg