Bug 342144 – Ask dialog less secure for python clients

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 342144 - Ask dialog less secure for python clients


Summary:	Ask dialog less secure for python clients


Status:	RESOLVED OBSOLETE

Product:	gnome-keyring
Classification:	Core
Component:	prompting
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	2.28
Assigned To:	GNOME keyring maintainer(s)
QA Contact:	GNOME keyring maintainer(s)

URL:
Whiteboard:

Duplicates:	388374 (view as bug list)
Depends on:
Blocks:

Reported:	2006-05-17 16:24 UTC by Gustavo Carneiro
Modified:	2011-03-09 16:20 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
screenshot showing what happens now for python programs (17.54 KB, image/png) 2006-05-17 16:25 UTC, Gustavo Carneiro		Details
proposed patch (2.29 KB, patch) 2006-05-17 16:57 UTC, Gustavo Carneiro	needs-work	Details \| Review

Description Gustavo Carneiro 2006-05-17 16:24:44 UTC

The ask dialog currently prints two informations regarding the application that requests authorization:
  1- The app name set from gnome_program_init;
  2- The process exe name.

In case of python applications, the exe name is always /foo/bar/python.  The program being executed is the first argument, which is not displayed.  Thus, it is possible for a rogue program to pretend to be a well known and trust python program (e.g. gajim), and the user could never tell the difference.

My proposal would be to display the full command line (on linux, /proc/<pid>/cmdline) instead of the exe.

Comment 1 Gustavo Carneiro 2006-05-17 16:25:32 UTC

Created attachment 65689 [details]
screenshot showing what happens now for python programs

Comment 2 Gustavo Carneiro 2006-05-17 16:57:43 UTC

Created attachment 65696 [details] [review]
proposed patch

Comment 3 Fernando Herrera 2006-06-04 18:40:36 UTC

I think that we cannot use command line for all applications, just because for example clicking on a photo in nautilus would use "eog photo2.jpg" and would add an ACL entry for that exact command line and then clicking on photo3.jpg would request again auth.

Maybe we can just use an special case for java and python GNOME apps, but again not using the full command line only the "code" to use.  I guess that it could be rather difficult, for exmple with java your code to exec is a combination of -classpath and something more for the main class.

Comment 4 Gustavo Carneiro 2006-06-04 20:43:00 UTC

You're right.  I forgot about the ACLs; the patch's only intention was to change the string that is displayed to the user, not change any ACLs.

Comment 5 Stef Walter 2007-03-19 02:32:51 UTC

*** Bug 388374 has been marked as a duplicate of this bug. ***

Comment 6 Stef Walter 2009-03-01 23:51:40 UTC

We're working on a solution for this in 2.28, by reorganizing how ACLs work.

Comment 7 Stef Walter 2011-03-09 16:20:28 UTC

We no longer support ACLs.