Re: gnome-keyring Lock keyring on suspend



Did some initial research. Richard Hughes announced this feature here: http://hughsient.livejournal.com/19481.html and https://bugzilla.gnome.org/show_bug.cgi?id=375681.


The feature is indeed off-by-default ( http://git.gnome.org/browse/gnome-power-manager/tree/data/org.gnome.power-manager.gschema.xml), and for good usability reasons. BTW, lock-on-hibernate is on by default.


Richard suggested back then that this should be in the UI. I have another proposal: make this flag on-by-default, but have the logic (now at http://git.gnome.org/browse/gnome-power-manager/tree/src/gpm-control.c) depend on this flag, as well as the combination of the power manager setting /apps/gnome-power-manager/lock/suspend and when applicable, the screen saver setting/apps/gnome-screensaver/lock_enabled.


In other words:


if (gpm-lock-keyring-on-suspend &&

    (gpm-use-screensaver-setting ? screensaver-lock-on-suspend : gpm-lock-on-suspend)) {

         lock-the-keyring();

    }


Rationale: if the user needs to enter a password on resume, you might as well clear the keyring on suspend. Otherwise, we don't want to annoy users by requiring a password during resume.


Motivation for lock-on-suspend: suspend, as opposed to hibernate, maintains power to RAM. This makes cold-boot attacks practical on stolen laptops (http://citp.princeton.edu/pub/coldboot.pdf). Moreover, an attacker can physically probe the RAM to read everything off it. And I suppose this is trivial if you have a programmable DMA device.


Thanks,

    Yaron



On 07/19/2010 06:28 AM, Stef Walter wrote:
On 2010-07-18 12:24, Yaron Sheffer wrote:
  
it took me some time to find the Gnome configuration value
/apps/gnome-power-manager/lock/gnome_keyring_suspend. It was disabled on
my machine (Ubuntu Lucid). IMHO, it should be on-by-default because it
adds quite a bit of security for laptops, which tend to be
suspended/hibernating when they get stolen.


So: can it be turned on (or is it just Ubuntu)?
    
Yes, I think it should be turned on. I'd be really interested in why
it's not on by default. If you have time to research this that would be
a big help. This may be historical. The gnome-power-manager maintainers
may know.

  
Can I help to document this flag? Maybe start a "secure configuration FAQ"?
    
Sure, you can branch it off of here:

http://live.gnome.org/GnomeKeyring

Thanks for your participation!

Cheers,

Stef
  


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]