GNOME Bugzilla – Bug 773009
gcr-prompter prints debug log to /var/log/auth.log
Last modified: 2021-05-17 13:19:32 UTC
Unlocking SSH keys or GnuPG keys on Ubuntu may result in (a lot of) debug infos logged to /var/log/auth.log - those lines should neither * end up in auth.log nor * be permanently stored anywhere on a default install. Steps to reproduce: 1. install on Ubuntu 16.04: gnupg2, pinentry-gnome3 2. $ sudo update-alternatives --config pinentry 3. $ gpg2 --gen-key 4. $ gpg2 --use-agent --sign message.txt # will use pinentry 5. $ sudo tail /var/log/auth.log Sample messages (for more, see launchpad): Jan 12 10:55:43 sys gcr-prompter[7123]: Gcr: deriving shared transport key Jan 12 10:55:43 sys gcr-prompter[7123]: Gcr: deriving transport key Jan 12 10:55:43 sys gcr-prompter[7123]: Gcr: starting password prompt for callback /org/gnome/keyring/Prompt/p4@:1.2 Jan 12 10:55:43 sys gcr-prompter[7123]: Gtk: GtkDialog mapped without a transient parent. This is discouraged. Jan 12 10:55:44 sys gcr-prompter[7123]: Gcr: completed password prompt for callback :1.2@/org/gnome/keyring/Prompt/p4 Please help investigating where this is happening; i have not been able to pinpoint the cause: * gcr/gcr * gcr/debian * pinentry/gnome3 * pinentry/debian * .. Please clarify whether the "sending secret exchange" debug message could, under any circumstances, contain information that could disclose anything about the nature of the pins that have been entered, other than providing a detailed log of all pin entry events (by itself not exactly desirable). https://bugs.launchpad.net/ubuntu/+source/gcr/+bug/1533267 https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1576650 Note that a similar problem existed in 2.92~2.30 in 2010, debian/unstable changelogs reference it: http://bazaar.launchpad.net/~ubuntu-branches/debian/squeeze/gnome-keyring/squeeze/revision/86#debian/patches/10_debugging_output.patch
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gcr/-/issues/78.