Re: gnome-keyring Gnome keyring security
- From: George Barrett <bob bob131 so>
- To: Christopher <ctubbsii-fedora apache org>
- Cc: gnome-keyring-list gnome org
- Subject: Re: gnome-keyring Gnome keyring security
- Date: Fri, 29 Jan 2016 07:29:37 +1100
AFAIK gnome-keyring uses NSS as the key store but does its own memory
management. If I understand correctly, the need for configurable cache
timeouts and the like is mitigated by two features of gnome-keyring:
non-pageable, zero-on-free memory for secrets[1][2] and purging of said
memory on sleep/hibernate[3]. These wiki pages are fairly outdated, but
at least the former refers to code that's still around. I seem to
recall that recent incarnations of gnome-keyring dump keys on screen
lock as well, but I can't find a source for that and I honestly don't
know if that is still even a feature. Someone else will have to answer
those questions for you.
As far as such things being within gnome-keyring's purview, there are
pages on the (still outdated) wiki specifically stating that these are
out of scope[4][5].
I hope this helps. I'd wait for a more familiar member on this list to
yell at me for everything I got blatantly wrong before you do anything
with this information though ;-)
[1]: https://wiki.gnome.org/Projects/GnomeKeyring/Memory
[2]: https://git.gnome.org/browse/gnome-keyring/tree/egg/egg-secure-memory.h
[3]: https://wiki.gnome.org/Projects/GnomeKeyring/Goals#Locking_up_before_hibernate
(also https://bugzilla.gnome.org/show_bug.cgi?id=628290 and
https://mail.gnome.org/archives/gnome-power-manager-list/2010-July/msg00008.html)
[4]: https://wiki.gnome.org/Projects/GnomeKeyring/SecurityPhilosophy#Active_Attacks
[5]: https://wiki.gnome.org/Projects/GnomeKeyring/SecurityFAQ#What_types_of_attacks_are_still_possible.3F
(pretty much just keep clicking links from
https://wiki.gnome.org/Projects/GnomeKeyring)
On Fri, Jan 29, 2016 at 6:36 AM, Christopher
<ctubbsii-fedora apache org> wrote:
Hello,
I'm new to this list, but it was recommended I discuss the following
here before bringing it back to the Fedora lists. Below is the
message I sent to the Fedora mailing list:
---------- Forwarded message ---------
From: Christopher <ctubbsii-fedora apache org>
Date: Thu, Jan 21, 2016 at 3:38 PM
Subject: Gnome keyring security in Fedora
To: Development discussions related to Fedora
<devel lists fedoraproject org>
I've been thinking about Gnome keyring a lot lately, and I have
concerns about security, and I don't know if this is a Gnome keyring
problem, or a problem affecting Fedora specifically.
In short, it doesn't look like Gnome keyring has the ability to
notify a user interactively when a password is read from an unlocked
keyring (or to dynamically unlock it with a master passphrase upon
request). Is this correct? If so, it puts it behind NSS features that
Firefox and other apps use to store passwords and other credentials.
However, if it's just something specific which isn't packaged for
Fedora, or isn't installed by default, that would be very good to
know.
In the past, seahorse-plugins provided a gpg-agent with a tool for
configuring cache preferences. It looks like seahorse-plugins is no
longer packaged for Fedora, and gpg2 integrates with seahorse/gnome
keyring differently (I don't know how). At least for GPG passphrases,
this provided some UI to notify the user upon programmatic access to
the cached credentials, and provided a notification icon whenever
the cache was non-empty. It also provided a customizable timer for
the cache.
Although they didn't help for non-GPG credentials, these features of
seahorse-plugins provided important (essential, I would say) security
for a GPG credential cache (and, I would argue, essential for any
private credential store). However, these appear to have been lost in
Fedora, making Fedora less secure. Does anybody know about this? Do
these features have replacements which I'm not aware of? If so, why
aren't they installed in Fedora by default?
Is this downgrade in security a Fedora problem, or is it a Gnome
problem, or a seahorse problem? Are there alternatives? NSS seems to
be getting some of this right, but doesn't have good integration with
Gnome/Seahorse/GPG.
Thoughts?
--
Christopher
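The two mechanisms George points at above (secrets kept in non-pageable memory that is zeroed before release, and a purge of all cached secrets when the machine suspends) are easy to get subtly wrong, so here is a small added C illustration of the pattern. It is not gnome-keyring's code (the real implementation is the egg-secure-memory module linked in [2]); the type and function names (secure_buf, secure_buf_init, secure_purge_all, and so on), the fixed-size registry, and the sample passphrase are all constructed for this example. It uses POSIX mlock()/munlock() and a volatile-pointer wipe so the compiler cannot optimise away the zeroing.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical secure buffer: memory locked against paging and wiped
 * before it is released or when the session suspends. Modelled on the
 * ideas in the thread, not on gnome-keyring's egg-secure-memory. */
typedef struct {
    unsigned char *data;
    size_t len;
    int locked;   /* 1 if mlock() succeeded, 0 if we fell back to pageable memory */
} secure_buf;

#define MAX_SECURE_BUFS 16
static secure_buf *registry[MAX_SECURE_BUFS];  /* every live buffer, for purge-on-suspend */

/* Zero memory through a volatile pointer so the compiler cannot drop the
 * stores as dead (the classic zero-on-free pitfall with a plain memset). */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Returns 1 if every byte of p[0..n) is zero, else 0. */
int all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

int secure_buf_init(secure_buf *b, size_t len) {
    b->data = calloc(1, len);
    if (!b->data) return -1;
    b->len = len;
    /* mlock() keeps the pages out of swap; it can fail under RLIMIT_MEMLOCK
     * or inside a sandbox, so record the outcome instead of aborting. */
    b->locked = (mlock(b->data, len) == 0);
    for (int i = 0; i < MAX_SECURE_BUFS; i++) {
        if (!registry[i]) { registry[i] = b; return 0; }
    }
    /* Registry full: undo the allocation without leaking the pages. */
    secure_wipe(b->data, len);
    if (b->locked) munlock(b->data, len);
    free(b->data);
    b->data = NULL;
    return -1;
}

int secure_buf_store(secure_buf *b, const void *secret, size_t n) {
    if (n > b->len) return -1;
    memcpy(b->data, secret, n);
    return 0;
}

void secure_buf_clear(secure_buf *b) {
    secure_wipe(b->data, b->len);
}

void secure_buf_free(secure_buf *b) {
    for (int i = 0; i < MAX_SECURE_BUFS; i++)
        if (registry[i] == b) registry[i] = NULL;
    secure_buf_clear(b);
    if (b->locked) munlock(b->data, b->len);
    free(b->data);
    b->data = NULL;
    b->len = 0;
}

/* Hook for a suspend/hibernate or screen-lock signal: wipe every live
 * secret in place without freeing the buffers, so callers must re-prompt.
 * Returns the number of buffers purged. */
int secure_purge_all(void) {
    int purged = 0;
    for (int i = 0; i < MAX_SECURE_BUFS; i++)
        if (registry[i]) { secure_buf_clear(registry[i]); purged++; }
    return purged;
}

int main(void) {
    secure_buf b;
    const char secret[] = "example-passphrase";  /* constructed sample value */
    if (secure_buf_init(&b, 64) != 0) return 1;
    secure_buf_store(&b, secret, sizeof secret);
    printf("locked in RAM: %s\n", b.locked ? "yes" : "no (mlock refused)");
    printf("purged %d buffer(s) on simulated suspend\n", secure_purge_all());
    printf("secret zeroed: %s\n", all_zero(b.data, b.len) ? "yes" : "no");
    secure_buf_free(&b);
    return 0;
}
```

The point of the registry is that a purge hook only helps if it can reach every buffer that ever held a secret; a daemon that hands out raw pointers and forgets them cannot honour a suspend signal. Note also that mlock() only keeps pages out of swap; it does nothing against a process with read access to the daemon's memory, which is the kind of attack the wiki pages in [4] and [5] declare out of scope.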