After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 602914 - Whitelist some directories for the ask dialog
Whitelist some directories for the ask dialog
Status: RESOLVED OBSOLETE
Product: gnome-keyring
Classification: Core
Component: prompting
2.28.x
Other Linux
: Normal enhancement
: ---
Assigned To: GNOME keyring maintainer(s)
GNOME keyring maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2009-11-25 10:16 UTC by Josselin Mouette
Modified: 2010-02-07 19:05 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Whitelist /usr/lib/ and /usr/bin/ (998 bytes, patch)
2009-11-25 10:16 UTC, Josselin Mouette 		none Details | Review

Description Josselin Mouette 2009-11-25 10:16:11 UTC 
Created attachment 148433 [details] [review]
Whitelist /usr/lib/ and /usr/bin/

The ask dialog can get very annoying at times, asking whether this or that binary should be allowed to access the keyring.

Some distributions choose to drop the dialog entirely. In Debian we opted for a simple yet functional approach: whitelist every program installed under /usr/bin/ and /usr/lib/ (note that there is no libexec in Debian, other distributions might want to add it).

The patch is probably not suitable as is for committing, but it might give you some ideas on how to improve the situation.
Comment 1 Stef Walter 2010-02-07 19:05:00 UTC 
The ACL code no longer exists in gnome-keyring as of 2.29.x. 

BTW, the fix you describe above demonstrates why such path based ACLs don't work at all: Any application run via python, java, mono, ruby or any other interpreter will be whitelisted.