Bug 637964 – PKCS#11 modules to use for trust lookups should be in dconf

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 637964 - PKCS#11 modules to use for trust lookups should be in dconf


Summary:	PKCS#11 modules to use for trust lookups should be in dconf


Status:	RESOLVED WONTFIX

Product:	gcr
Classification:	Core
Component:	General
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	GNOME keyring maintainer(s)
QA Contact:	GNOME keyring maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:	636572

Reported:	2010-12-24 15:53 UTC by Stef Walter
Modified:	2019-02-22 11:59 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Stef Walter 2010-12-24 15:53:16 UTC

We should use dconf lockdown/defaults to list the PKCS#11 modules that are used for trust lookup. Need to research this further, and figure out how the lockdown is deployed and implemented.

By default we don't want the user account to be able to modify these settings.

Comment 1 Stef Walter 2010-12-26 19:02:03 UTC

Dan, I like this suggestion (in your comment on bug #636572) but I can't figure out how one would install such a mandatory key from an application.

In order to meet security requirements, the goal is to by default have these keys not be modifiable by the user. If a distro or admin wishes to changes this default, that should be possible, but lockdown needs to be the default state of affairs.

I've looked through the dconf stuff, and there's hints and talk of mandatory keys exposed here and there. The architecture is well thought out with regards to lock down. There's some mentions of a /system tree which is accessed over the system dbus bus. However I can't yet figure out how to use either of these features.

Is the implementation of dconf lockdown completed? It certainly isn't documented as far as I can tell. And if so, it seems like distros like Ubuntu don't deploy this stuff, and just rely on the fallback .config/dconf/user database.

If this is incomplete, maybe we should just stick with a config file system? We need to be able to count on the user not being able to modify these keys.

In addition, even if we get dconf lockdown working nicely, in order to have any guarantees of lockdown/mandatory stuff wouldn't we have to make sure the GSettings backend is dconf and not something else like gconf (in any application using gcr and glib).

Comment 2 Dan Winship 2010-12-27 17:03:51 UTC

I don't know any details of how lockdown works.

> In addition, even if we get dconf lockdown working nicely, in order to have any
> guarantees of lockdown/mandatory stuff wouldn't we have to make sure the
> GSettings backend is dconf and not something else like gconf (in any
> application using gcr and glib).

Hm... that's a more generic problem; if lockdown is being used at all, then you need to lock down the choice of gsettings backend as well... OK, I think this means we can't use lockdown for just a handful of keys on an otherwise-not-locked-down system.

Comment 3 Stef Walter 2010-12-29 01:13:22 UTC

Okay, won't use dconf then. I will look into adding something to the /etc/xdg/pkcs11.conf which will make it more XDG basedir conformant.

Comment 4 Dan Winship 2010-12-29 01:22:28 UTC

I'm going to suggest again, please DON'T use /etc/xdg if you're not using the XDG directory rules. There's nothing that says desktop components aren't allowed to use the rest of /etc.

Comment 5 Stef Walter 2010-12-29 01:34:27 UTC

I was thinking of having a flag in the system conf (ie: /etc/xdg/pkcs11.conf) that says whether to proceed with having ~/.config user configs override the system config. Of course technically, this is bending the rules.