Bug 342144 - Ask dialog less secure for python clients
Product: gnome-keyring
Classification: Core
Component: prompting
Other Linux
: Normal normal
: 2.28
Assigned To: GNOME keyring maintainer(s)
: 388374
Depends on:
Reported: 2006-05-17 16:24 UTC by Gustavo Carneiro
Modified: 2011-03-09 16:20 UTC
See Also:
GNOME target: ---
GNOME version: ---

screenshot showing what happens now for python programs (17.54 KB, image/png)
2006-05-17 16:25 UTC, Gustavo Carneiro
proposed patch (2.29 KB, patch)
2006-05-17 16:57 UTC, Gustavo Carneiro
needs-work

Description Gustavo Carneiro 2006-05-17 16:24:44 UTC
The ask dialog currently prints two pieces of information regarding the application that requests authorization:
  1- The app name set from gnome_program_init;
  2- The process exe name.

In the case of Python applications, the exe name is always /foo/bar/python.  The program being executed is the first argument, which is not displayed.  Thus, it is possible for a rogue program to pretend to be a well-known and trusted Python program (e.g. gajim), and the user could never tell the difference.

My proposal would be to display the full command line (on Linux, /proc/<pid>/cmdline) instead of the exe.
Comment 1 Gustavo Carneiro 2006-05-17 16:25:32 UTC
Created attachment 65689
screenshot showing what happens now for python programs
Comment 2 Gustavo Carneiro 2006-05-17 16:57:43 UTC
Created attachment 65696
proposed patch
Comment 3 Fernando Herrera 2006-06-04 18:40:36 UTC
I think that we cannot use the command line for all applications, because, for example, clicking on a photo in nautilus would use "eog photo2.jpg" and would add an ACL entry for that exact command line, and then clicking on photo3.jpg would request auth again.

Maybe we can just use a special case for Java and Python GNOME apps, but again not using the full command line, only the "code" to use.  I guess that it could be rather difficult; for example, with Java your code to exec is a combination of -classpath and something more for the main class.

Comment 4 Gustavo Carneiro 2006-06-04 20:43:00 UTC
You're right.  I forgot about the ACLs; the patch's only intention was to change the string that is displayed to the user, not change any ACLs.
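The display-only change discussed in the description and comment 4, sketched as an added example that is not part of this thread or the attached patch: it turns a raw /proc/<pid>/cmdline buffer into one printable line for a prompt. The function names are hypothetical and Linux procfs is assumed.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not gnome-keyring code: turn a raw /proc/<pid>/cmdline
 * buffer (arguments separated by NUL bytes) into one printable line. */
size_t cmdline_for_display(const char *raw, size_t len, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return 0;
    while (len > 0 && raw[len - 1] == '\0')   /* drop trailing terminators */
        len--;
    for (size_t i = 0; i < len && o + 1 < outsz; i++) {
        unsigned char c = (unsigned char)raw[i];
        if (c == '\0')
            out[o++] = ' ';                   /* argument boundary */
        else if (c < 0x20 || c > 0x7e)
            out[o++] = '?';                   /* keep control bytes out of the prompt */
        else
            out[o++] = (char)c;
    }
    out[o] = '\0';
    return o;
}

/* Read /proc/<pid>/cmdline (Linux only). Returns bytes read, 0 on failure. */
size_t read_cmdline(long pid, char *buf, size_t bufsz)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/cmdline", pid);
    FILE *f = fopen(path, "rb");
    if (!f)
        return 0;
    size_t n = fread(buf, 1, bufsz, f);
    fclose(f);
    return n;
}

int main(void)
{
    char raw[4096], shown[4096], exe[4096];
    ssize_t e = readlink("/proc/self/exe", exe, sizeof exe - 1);
    exe[e > 0 ? e : 0] = '\0';
    size_t n = read_cmdline((long)getpid(), raw, sizeof raw);
    cmdline_for_display(raw, n, shown, sizeof shown);
    /* The process controls its own argv, so this is a hint for the user only. */
    printf("exe:     %s\ncmdline: %s\n", exe, shown);
    return 0;
}
```

Two Python programs that share the same exe produce different display lines here, while two invocations of one program with different arguments also differ, which is the ACL concern raised in comment 3.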
Comment 5 Stef Walter 2007-03-19 02:32:51 UTC
*** Bug 388374 has been marked as a duplicate of this bug. ***
Comment 6 Stef Walter 2009-03-01 23:51:40 UTC
We're working on a solution for this in 2.28, by reorganizing how ACLs work. 
Comment 7 Stef Walter 2011-03-09 16:20:28 UTC
We no longer support ACLs.