Bug#775189: mate-session spawns gnome-keyring unconditionally
paravoid at debian.org
Mon Jan 12 12:38:40 UTC 2015
Since upstream commit 8a20baf39f781184d6126e0947e9fd4d9a115fab,
mate-session-manager spawns gnome-keyring-daemon, with no option to turn
it off, or pass arguments to it (such as --components).
While this is bad in itself, it gets worse: keyring is spawned *after*
the regular user-configured autostart programs are run. gnome-keyring's
default set of components includes a GPG & an SSH agent and rightfully
exports SSH_AUTH_SOCK and GPG_AGENT_INFO.
Therefore, even if the user has configured their desktop to spawn the
(more featureful and arguably more secure OpenSSH) ssh-agent or
gpg-agent, it is impossible to use it, as gnome-keyring-daemon clobbers
these two environmental variables.
In other words, mate-session indirectly & unconditionally clobbers
environmental variables that in no way belong to it and actively
prevents programs that own the namespace from using them. This is a
severity: serious issue, IMO.
Note that e.g. gdm3's default PAM configuration uses pam_gnome_keyring
which calls gnome-keyring-daemon with the --daemonize --login options.
This starts the daemon but does not initialize it; mate-session's
execution with --start is what initializes it and exports these
variables into the session's environment.
Finally, note that MATE's default session autostart includes multiple
GNOME Keyring entries, a different one for each keyring component, that
can individually be turned off and on. This is what GNOME used to do
(maybe still does?) as well. I've yet to understand why mate-session
also spawns it from its code as well.
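
A way to check a running session for the takeover described in this report, as an added example that is not part of the original bug report: it classifies the agent behind SSH_AUTH_SOCK and GPG_AGENT_INFO by socket path and compares it with the agent the user configured. The function names are hypothetical, and the path patterns are assumptions based on each daemon's default socket naming.

```shell
#!/bin/sh
# Map a socket path (SSH_AUTH_SOCK, or GPG_AGENT_INFO in path:pid:protocol
# form) to the daemon that normally creates it. The patterns below are
# assumptions about default socket locations, not values from the report.
agent_owner() {
    path=${1%%:*}   # drop the ":pid:protocol" suffix of GPG_AGENT_INFO
    case "$path" in
        "")                                        echo unset ;;
        */keyring-*/ssh|*/keyring/ssh)             echo gnome-keyring ;;
        */keyring-*/gpg|*/keyring/gpg)             echo gnome-keyring ;;
        */ssh-*/agent.*)                           echo openssh ;;
        */gpg-*/S.gpg-agent|*/.gnupg/S.gpg-agent)  echo gnupg ;;
        *)                                         echo unknown ;;
    esac
}

# check_session WANT_SSH WANT_GPG
# Compares the owners of the current session's variables with the agents the
# user configured. Prints each mismatch and returns 1 if there is any.
check_session() {
    want_ssh=$1
    want_gpg=$2
    rc=0
    got_ssh=$(agent_owner "${SSH_AUTH_SOCK:-}")
    got_gpg=$(agent_owner "${GPG_AGENT_INFO:-}")
    [ "$got_ssh" = "$want_ssh" ] ||
        { echo "SSH_AUTH_SOCK: want $want_ssh, got $got_ssh"; rc=1; }
    [ "$got_gpg" = "$want_gpg" ] ||
        { echo "GPG_AGENT_INFO: want $want_gpg, got $got_gpg"; rc=1; }
    return $rc
}

# Constructed sample values (not taken from a real session): the user wanted
# OpenSSH's ssh-agent, but SSH_AUTH_SOCK points at a gnome-keyring socket.
(
    SSH_AUTH_SOCK=/tmp/keyring-AbC123/ssh
    GPG_AGENT_INFO=/tmp/gpg-Xy12Zq/S.gpg-agent:4242:1
    check_session openssh gnupg
) || echo "session agent variables do not match the configured agents"
```

Run inside the desktop session, `check_session openssh gnupg` reports the state after all autostart programs and the session manager have finished exporting their variables.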