GNOME Bugzilla – Bug 653573
Passwords store in plain text in ./gnome-commander/connections
Last modified: 2015-05-18 21:23:30 UTC
If I make a connection to a server over ssh and do NOT chose to "[ ] Use GNOME Keyring Manager for authentication" and supply the password in the gnome-commander dialog I find that the password is stored in ./gnome-commander/connections in plain text. This is a security flaw. I am running gnome-commander 1.2.8.9 on Ubuntu 10.04. I have seen this behavior on other versions of gnome-commander on other Linux operating systems. I can do a more extensive investigation and show which versions and distros if that would be of assistance. If I tell gnome-commander to "[X] Use GNOME Keyring Manager for authentication" it does not save the password in the Gnome keyring manager and asks me for the password each time. I do not know if this is a gnome-commander bug or a Gnome keyring manager bug. Either way I would much rather be prompted for a password when I restore a saved connection than to have the password store in a non-secure way.
Confirmed - NOT choosing GNOME Keyring Manager causes gcmd to store passwords in plain text. gcmd could use some cryptography here, but I wouldn't like to duplicate here functionality of GNOME Keyring Manager... Any ideas are very welcome. As for Gnome keyring manager usage - it should use it for accessing stored passwords and this is how it works for me (FC13) - keyring asks for its master password once and silently opens all connections. Definitely the problem needs some more investigation.
Thanks for the response epiotr. Gnome-commander is one of my most used programs. I have tried several other Norton Commander like programs and none are as full featured. Thank you for all your good work. As to using gnome keyring - it does NOT work on Ubuntu 10.04. This is probably an issue with Ubuntu rather than gnome-commander. Or perhaps I do not have the keyring setup properly. I have a Fedora 15 virtual machine handy and I will try gnome-commander and the keyring there. If I may make a suggestion... Allow the user to choose not to use the keyring and NOT to supply a password when making a new Remote Server connection. When the user clicks the Connect button, ask for the password and use it to make the connection. I will report back on what I find with Fedora and I will also do some investigation on why Ubuntu and the keyring manager and gnome-commander do not work together. Ken
I feel like an idiot! I created new virtual machine installs of Ubuntu 10.04, 11.04, Fedora 15 and 13. I managed to crash gnome-commander in all of them using "[X] Use GNOME Keyring Manager for authentication". I did some reading on the keyring and found a lot of programmer level and api information. I read that the "vision" behind the thing was to make password and key management "transparent to the user" or something like that. Invisible would be a better term. After testing on Fedora 13, which you indicated worked fine, and crashing gnome-commander I decided that I needed to revisit creating the password/key before connecting. I created a new "Secure Shell Key" using seahorse. Since gnome-commander is making an ssh connection I guess that makes more sense than just storing a password. Low and behold it works!!! But all is not lost. After finding the plain text passwords reported in this bug I decided to setup NFS on my server (really just a BIG hard drive, no traditional server services other than SSH, Samba and now NFS). I built scripts to mount the exported file systems and unmount them. gnome-commander does NOT like to be called up with dead NFS mounts on the PC. That is if I shut down the server and do not unmount the NFS shares on the PC side, gnome-commander will often crash or lock up. Same if I have gnome-commander running on the PC when I shut down the server. So I have to just be careful. That said... NFS is 1.5 - 2x faster than transferring files over ssh. And now that I have gnome-commander connecting as it should I have a couple of options. If I may make another suggestion... It would be nice if gnome-commander would raise a message to the effect "hey moron, you need to put a key in the keyring before using it to connect" rather than crashing. Thanks again for your work. Ken
Hi, I fixed the bug by removing the ability to enter the connection password in the GCMD connections dialog. This is currently the easiest and, in my eyes, most secure way. This means that from now, password-secured connections can only be set-up by using libgnome-keyring. The fix will go into the next bugfix release of gnome commander. It is highly recommended to check if there are any passwords hidden in the "Connections"-section of your $HOME/.gnome-commander/gnome-commander.xml and to delete these passwords. In the case of an sftp connection, you would find a password here: <Connection name="MyConnection" uri="sftp://user:password@IPAdress/Directory" .../> You would have to delete ":password" from the string in that case.
An excellent solution. Passwords should never be stored in plain text and there is no reason to re-invent a way to store them encrypted. The gnome keyring does the job and gnome-commander integrates well with gnome keyring in my experience. Thanks, Ken