On Thu, Jan 21, 2016 at 3:38 PM Christopher <ctubbsii-fedora@xxxxxxxxxx> wrote:
I've been thinking about Gnome keyring a lot lately, and I have concerns about security, and I don't know if this is a Gnome keyring problem, or a problem affecting Fedora specifically.
In short, it doesn't look like Gnome keyring has the ability to notify a user interactively when a password is read from an unlocked keyring (or to dynamically unlock it with a master passphrase upon request). Is this correct? If so, it puts it behind NSS features that Firefox and other apps use to store passwords and other credentials. However, if it's just something specific which isn't packaged for Fedora, or isn't installed by default, that would be very good to know.
In the past, seahorse-plugins provided a gpg-agent with a tool for configuring cache preferences. It looks like seahorse-plugins is no longer packaged for Fedora, and gpg2 integrates with seahorse/gnome keyring differently (I don't know how). At least for GPG passphrases, this provided some UI to notify the user upon programmatic access to the cached credentials, and provided an notification icon whenever the cache was non-empty. It also provided a customizable timer for the cache.
Although they didn't help for non-GPG credentials, these features of seahorse-plugins provided important (essential, I would say) security for a GPG credential cache (and, I would argue, essential for any private credential store). However, these appear to have been lost in Fedora, making Fedora less secure. Does anybody know about this? Do these features have replacements which I'm not aware of? If so, why aren't they installed in Fedora by default?
Is this downgrade in security a Fedora problem, or is it a Gnome problem, or a seahorse problem? Are there alternatives? NSS seems to be getting some of this right, but doesn't have good integration with Gnome/Seahorse/GPG.
Thoughts?
To be honest, I thought there'd be more interest in this topic by now, considering Gnome Keyring stores so many things now in the Logon keyring by default:
Bugzilla credentials for ABRT,
Chrome sync'd passwords,
Firefox site passwords,
GPG private keys,
gpg-agent passphrases,
GPG private keys,
gpg-agent passphrases,
SSH private key passphrases,
etc.
And these can be accessed without any user notification or interaction by any process run by the user by making simple Gnome library calls, unless the user explicitly locks it between uses as a manual process, and even then it won't keep out a persistent script which grabs what it wants during an open window when the keyring is unlocked (it doesn't appear there's an atomic "unlock for this key only, then relock" option).
I can't be the only one interested in finding out how to secure these things in Fedora.
--
Christopher
I can't be the only one interested in finding out how to secure these things in Fedora.
--
Christopher
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
