Re: gnome-keyring Lock keyring on suspend

From: Yaron Sheffer <yaronf gmx com>
To: stef memberwebs com, Richard Hughes <richard hughsie com>
Cc: hughsient gmail com, gnome-keyring-list gnome org, gnome-power-manager-list gnome org
Subject: Re: gnome-keyring Lock keyring on suspend
Date: Mon, 19 Jul 2010 11:48:54 +0300

Did some initial research. Richard Hughes announced this feature here: http://hughsient.livejournal.com/19481.html and https://bugzilla.gnome.org/show_bug.cgi?id=375681.

The feature is indeed off-by-default ( http://git.gnome.org/browse/gnome-power-manager/tree/data/org.gnome.power-manager.gschema.xml), and for good usability reasons. BTW, lock-on-hibernate is on by default.

Richard suggested back then that this should be in the UI. I have another proposal: make this flag on-by-default, but have the logic (now at http://git.gnome.org/browse/gnome-power-manager/tree/src/gpm-control.c) depend on this flag, as well as the combination of the power manager setting /apps/gnome-power-manager/lock/suspend and when applicable, the screen saver setting/apps/gnome-screensaver/lock_enabled.

In other words:

if (gpm-lock-keyring-on-suspend &&

(gpm-use-screensaver-setting ? screensaver-lock-on-suspend : gpm-lock-on-suspend)) {

lock-the-keyring();

}

Rationale: if the user needs to enter a password on resume, you might as well clear the keyring on suspend. Otherwise, we don't want to annoy users by requiring a password during resume.

Motivation for lock-on-suspend: suspend, as opposed to hibernate, maintains power to RAM. This makes cold-boot attacks practical on stolen laptops (http://citp.princeton.edu/pub/coldboot.pdf). Moreover, an attacker can physically probe the RAM to read everything off it. And I suppose this is trivial if you have a programmable DMA device.

Thanks,

Yaron

On 07/19/2010 06:28 AM, Stef Walter wrote:

On 2010-07-18 12:24, Yaron Sheffer wrote:

it took me some time to find the Gnome configuration value
/apps/gnome-power-manager/lock/gnome_keyring_suspend. It was disabled on
my machine (Ubuntu Lucid). IMHO, it should be on-by-default because it
adds quite a bit of security for laptops, which tend to be
suspended/hibernating when they get stolen.


So: can it be turned on (or is it just Ubuntu)?

Yes, I think it should be turned on. I'd be really interested in why
it's not on by default. If you have time to research this that would be
a big help. This may be historical. The gnome-power-manager maintainers
may know.

Can I help to document this flag? Maybe start a "secure configuration FAQ"?

Sure, you can branch it off of here:

http://live.gnome.org/GnomeKeyring

Thanks for your participation!

Cheers,

Stef

Follow-Ups:
- Re: gnome-keyring Lock keyring on suspend
  - From: Stef Walter
- Re: gnome-keyring Lock keyring on suspend
  - From: Yaron Sheffer

References:
- gnome-keyring Lock keyring on suspend
  - From: Yaron Sheffer
- Re: gnome-keyring Lock keyring on suspend
  - From: Stef Walter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]