Bug 628290 - On suspend, keyring should be locked *by default*
Status: RESOLVED FIXED
Product: gnome-power-manager
Classification: Deprecated
Component: general
Assigned To: GNOME Power Manager Maintainer(s)
Reported: 2010-08-30 08:21 UTC by Yaron Sheffer
Modified: 2010-10-11 13:53 UTC
Description Yaron Sheffer 2010-08-30 08:21:33 UTC
Locking (=clearing) the keyring is enabled by a preferences flag, which is off by default. This is a security issue (laptop is suspended, then stolen, passwords can be read off the physical memory). For security-conscious users that password-protect their screensaver (typical in enterprise environments), the feature should be on.

See http://mail.gnome.org/archives/gnome-power-manager-list/2010-July/msg00008.html and follow-up messages.

Thanks!
Comment 1 Richard Hughes 2010-08-31 07:39:03 UTC
Right, from a security point of view you're probably correct, and it's what we used to default to. From a usability point of view, you're totally wrong, and people screamed very loudly when having to unlock the keyring *every time* they resumed. The reason it's required every time is that NetworkManager uses the keyring to reconnect to a wireless network.

Having to authenticate twice on resume just sucked. Better solutions welcome.
Comment 2 Yaron Sheffer 2010-08-31 08:08:29 UTC
(In reply to comment #1)

I understand that the sequence of operations is:

- User resumes the PC.
- User authenticates to the screen saver (I am assuming that authentication is required).
- The keyring is unlocked.
- NM can access the keyring to get the wireless keys.

What am I missing?

BTW, I changed the settings on my own laptop to lock-on-suspend, and things work just fine with NM. Maybe it's a rare race condition?
Comment 3 Richard Hughes 2010-08-31 10:26:55 UTC
Unless things have changed, unlocking the screen in gnome-screensaver does not unlock the default keyring.
Comment 4 Yaron Sheffer 2010-08-31 15:35:22 UTC
For this to happen, you need to compile gnome-keyring with pam support, and to add the magic line "auth optional pam_gnome_keyring.so" to /etc/pam.d/gnome-screensaver. This is done by default on Ubuntu. Don't know about other distros.
Comment 5 Richard Hughes 2010-08-31 18:26:34 UTC
(In reply to comment #4)
> For this to happen, you need to compile gnome-keyring with pam support, and to
> add the magic line "auth optional pam_gnome_keyring.so" to
> /etc/pam.d/gnome-screensaver. This is done by default on Ubuntu. Don't know
> about other distros.

I have this in Fedora, so it looks like I was wrong. I'll try setting the GConf key to TRUE and do some testing (I'm really busy for the next few hours) but if other people could check this I would appreciate it.
Comment 6 Richard Hughes 2010-10-11 13:53:47 UTC
commit acb0fc91016e5da7cc9a54e85a53230c1c4efcfb
Author: Richard Hughes <richard@hughsie.com>
Date:   Mon Oct 11 14:53:29 2010 +0100

    Lock the keyring before suspending as gnome-keyring with pam support will automatically unlock on resume. Fixes #628290
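
Added example, not part of the original bug report or of gnome-power-manager: a check that a PAM service's auth stack reaches pam_gnome_keyring.so (the line from comment 4), which is the precondition for lock-on-suspend not costing a second password prompt. The function names and the sample file contents are constructed for illustration; includes are followed via `@include` and the `include`/`substack` controls.

```python
import re

MODULE = "pam_gnome_keyring.so"  # module named in comment 4
# type (optionally '-' prefixed), control (word or [bracketed]), module path
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def rules(text):
    """Yield (type, control, module); '@include f' yields ('@include', '', f)."""
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if line.startswith("@include"):
            parts = line.split()
            if len(parts) == 2:
                yield "@include", "", parts[1]
            continue
        m = RULE.match(line)
        if m:
            yield m.group(1).lower(), m.group(2).lower(), m.group(3)

def auth_loads_keyring(service, load, seen=None):
    """True if the auth stack of `service` reaches pam_gnome_keyring.so.

    `load(name)` returns the text of a PAM service file, or None if absent.
    """
    seen = set() if seen is None else seen
    if service in seen:                       # guard against include loops
        return False
    seen.add(service)
    for typ, control, module in rules(load(service) or ""):
        if typ == "@include" or (typ == "auth" and control in ("include", "substack")):
            if auth_loads_keyring(module, load, seen):
                return True
        elif typ == "auth" and module.rsplit("/", 1)[-1] == MODULE:
            return True
    return False

# Constructed sample files (not taken from any real system).
SAMPLE = {
    "gnome-screensaver": "#%PAM-1.0\n@include common-auth\nauth optional pam_gnome_keyring.so\n",
    "common-auth": "auth [success=1 default=ignore] pam_unix.so nullok\nauth requisite pam_deny.so\n",
    "no-keyring": "auth include common-auth\n# auth optional pam_gnome_keyring.so\n",
    "session-only": "session optional pam_gnome_keyring.so auto_start\n",
}

if __name__ == "__main__":
    for name in ("gnome-screensaver", "no-keyring", "session-only"):
        print(name, auth_loads_keyring(name, SAMPLE.get))
```

This is a presence check only: it does not evaluate control values such as `[success=1 ...]` that can cause a rule to be skipped. On a live system, pass a loader that reads the files under /etc/pam.d instead of `SAMPLE.get`.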