GNOME Bugzilla – Bug 612977
session keyring is stored to disk
Last modified: 2010-03-20 02:23:03 UTC
The session keyring should never hit disk. (http://library.gnome.org/devel/platform-overview/stable/keyring.html.en: "The keyring manager also provides a session keyring. Items in the session keyring are never stored on disk, and are lost as soon as the user's session ends. The session keyring can be used to store passwords to be used in the current session only."). This has regressed in 2.29, unfortunately. 2.28 and earlier correctly never wrote the session keyring to disk. In 2.29, the keyring is written to disk, leaving passwords in the clear. :( https://launchpad.net/bugs/539180
Setting target to 2.30 since that seems a security issue...
Thanks for catching that. Nasty issue. commit d30630070b2e7f6173ea872f45bb47b70948e796 Author: Stef Walter <stef@memberwebs.com> Date: Sat Mar 20 02:19:44 2010 +0000 [secret-store] Don't save session keyring to disk. There was a major problem where the session keyring was being saved to disk, and since it had to master password, as a cleartext keyring Mark the session keyring as transient so it doesn't even come near the storage code. Also rework the collection storage code, so that it properly handles various corner cases. Fixes bug #612977