Your message dated Thu, 15 Jan 2015 11:34:05 +0000
with message-id <[email protected]>
and subject line Bug#775189: fixed in mate-session-manager 1.8.1-6
has caused the Debian Bug report #775189,
regarding mate-session spawns gnome-keyring unconditionally
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
775189: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775189
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mate-session-manager
Version: 1.8.1-5
Severity: serious
Hi,
Since upstream commit[1] 8a20baf39f781184d6126e0947e9fd4d9a115fab,
mate-session-manager spawns gnome-keyring-daemon, with no option to turn
it off, or pass arguments to it (such as --components).
While this is bad in itself, it gets worse: keyring is spawned *after*
the regular user-configured autostart programs are run. gnome-keyring's
default set of components includes a GPG & a SSH agent and rightfully
exports SSH_AUTH_SOCK and GPG_AGENT_INFO.
Therefore, even if the user has configured their desktop to spawn the
(more featureful and arguably more secure OpenSSH) ssh-agent or
gpg-agent, it is impossible to use it, as gnome-keyring-daemon clobbers
the these two environmental variables.
In other words, mate-session indirectly & unconditionally clobbers
environmental variables that in no way belong to it and actively
preventing programs that own the namespace from using them. This is a
severity: serious issue, IMO.
Note that e.g. gdm3's default PAM configuration uses pam_gnome_keyring
which calls gnome-keyring-daemon with the --daemonize --login options.
This starts the daemon but does not initialize it; mate-sessions's
execution with --start is what initializes it and exports these
variables into the session's environment.
Finally, note that MATE's default session autostart includes multiple
GNOME Keyring entries, a different one for each keyring component, that
can be individually be turned off and on. This is what GNOME used to do
(maybe still does?) as well. I've yet to understand why mate-session
also spawns it from its code as well.
Regards,
Faidon
1:
https://github.com/mate-desktop/mate-session-manager/commit/8a20baf39f781184d6126e0947e9fd4d9a115fab
--- End Message ---
--- Begin Message ---
Source: mate-session-manager
Source-Version: 1.8.1-6
We believe that the bug you reported is fixed in the latest version of
mate-session-manager, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Gabriel <[email protected]> (supplier of updated mate-session-manager
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 13 Jan 2015 10:04:21 +0100
Source: mate-session-manager
Binary: mate-session-manager mate-session-manager-dbg
Architecture: source amd64
Version: 1.8.1-6
Distribution: unstable
Urgency: medium
Maintainer: MATE Packaging Team <[email protected]>
Changed-By: Mike Gabriel <[email protected]>
Description:
mate-session-manager - Session manager of the MATE desktop environment
mate-session-manager-dbg - Session manager of the MATE desktop environment
(debug symbols)
Closes: 775189
Changes:
mate-session-manager (1.8.1-6) unstable; urgency=medium
.
* debian/patches:
+ Add 0001_msmgnome-Allow-users-to-disable-one-or-both-compatib.patch.
Allow users to disable gnome-compat options (i.e. interaction with
gnome-keyring and/or gnome-smproxy). (Closes: #775189).
* debian/copyright:
+ Add missing entry for file mate-session/gsm-systemd.c.
Checksums-Sha1:
b3b66ebba302af8d48797fede56863c9b803cdd6 2526 mate-session-manager_1.8.1-6.dsc
63579dfdae24c0c1b257f4e3762a0308fe64d7a3 6712
mate-session-manager_1.8.1-6.debian.tar.xz
235d95173868aca5f2a75df8c01bdf683b13ddc0 262576
mate-session-manager_1.8.1-6_amd64.deb
bfad2722e254dc83cc3ae59656c173e79b69c3e0 407354
mate-session-manager-dbg_1.8.1-6_amd64.deb
Checksums-Sha256:
ea00034d0c661ca5b01f475c52b11852da615dde4bee02353582077e5c56b13e 2526
mate-session-manager_1.8.1-6.dsc
fa9f46152c999bd5d7b57420b3cf9211873c94b1e86ccb7167957899336d4090 6712
mate-session-manager_1.8.1-6.debian.tar.xz
674ad827080e6ddf75c73f48f82bd85565521edcca15aac571f424884e930a72 262576
mate-session-manager_1.8.1-6_amd64.deb
fea8778e6667f8fd7fe420a50fdd0157b77ed6f8e2c8cedb86fc4af61c7255f0 407354
mate-session-manager-dbg_1.8.1-6_amd64.deb
Files:
7d898381bb5ed6cad2790456b2960722 2526 x11 optional
mate-session-manager_1.8.1-6.dsc
c338ed4dda06d8dae1f129388d00b98e 6712 x11 optional
mate-session-manager_1.8.1-6.debian.tar.xz
1e19bf307e21d7e65d8eb8aaa29a90b5 262576 x11 optional
mate-session-manager_1.8.1-6_amd64.deb
f06dc774131a8547a69eb9f5d61e5d95 407354 debug extra
mate-session-manager-dbg_1.8.1-6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUt6OUAAoJEJr0azAldxsxg9YP/0G3wN5C+R9AymbMgvejWvo2
L25ar+Zq+9CjEw/QepZqRj7UIvLkO+8JOd8D9f4k8m1q8OEXGgaHGGpD59BZyPkQ
kZw8ML5+7X09KvFVuRYJ/ZC6dWj2r/P3n0wzVDi13S4qGaEWlUovzeVFYqySFRdP
cYoVQAMwc4h6XlcBQcz6vv8vaPJMwp2+sMjx3aFeoT5XD6Dal2wO1rZL/plNLfMk
P2Ja0PMf1Ox9hVFjgSK+tkNX/hHytYomhRVuVQC0AmkUglqufkhneCcaUni+H450
RELhyiN48O1KMoJ2XE6u75CWI+cnLg+5Y2IkjEzrxhks8zIrg1B/PHEFgQYn6bq1
pA1f+deuwJAUp+jybU/YpHqN2Mwe2yyOg+IFmZhV6Sj+3AXNWj4d2uhmHlhsonSE
V6NuV7Cau0NE+dPVdEdAkcs/KD7xNiz8mrMdkVQ8Rkg6D4JuywDLCb1rAlBor2zz
yfVTAO+qoh1U9zNTFTGPNrk4DUutQFJvbi+ktFli7OX6LV4QbsmV6Bs0ziS0dbnV
sL17J2+W4Oilek0NznJ3mRKCZLY4Z6jt3GqYN+iuMDCqlmu6nzspmm6SkrXK32I0
8bOXsT11RHXV68HBHgFIAGPB0B3fu9XTDYmUV48aIOVu11QEb26RZNTndqBfb70B
EARKdbst+HmgpyONnPMp
=z2aK
-----END PGP SIGNATURE-----
--- End Message ---
