Julien Cristau
2012-Aug-02 14:47 UTC
[Secure-testing-team] Bug#683655: gnome-keyring: gpg passphrase cached forever
Package: gnome-keyring Version: 3.4.1-4 Severity: grave Tags: security Justification: user security hole At some point gnome-keyring seemed to obey the configuration asking it to stop caching passphrases after a while. It no longer does. $ gsettings list-recursively org.gnome.crypto.cache org.gnome.crypto.cache gpg-cache-authorize false org.gnome.crypto.cache gpg-cache-method ''idle'' org.gnome.crypto.cache gpg-cache-ttl 600 Yet I''m never asked for the passphrase again. Cheers, Julien -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, ''testing''), (500, ''stable-updates''), (500, ''proposed-updates''), (500, ''unstable''), (500, ''stable''), (101, ''experimental'') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages gnome-keyring depends on: ii dbus-x11 1.6.2-2 ii dconf-gsettings-backend [gsettings-backend] 0.12.1-2 ii gcr 3.4.1-3 ii libc6 2.13-35 ii libcap-ng0 0.6.6-2 ii libcap2-bin 1:2.22-1.1 ii libdbus-1-3 1.6.2-2 ii libgck-1-0 3.4.1-3 ii libgcr-3-1 3.4.1-3 ii libgcrypt11 1.5.0-3 ii libglib2.0-0 2.32.3-1 ii libgtk-3-0 3.4.2-2 Versions of packages gnome-keyring recommends: ii libpam-gnome-keyring 3.4.1-4 gnome-keyring suggests no packages. -- no debconf information -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: Digital signature URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20120802/d9294e09/attachment.pgp>