*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
I have Ubuntu 13.10 Desktop installed. I am being prompted with this
message: "Title: 'Unlock Keyring' - An application wants access to the
keyring 'default', but it is locked. Password? [____]" Note that in this
case there is no "Details >" expansion control, no "reveal more", no
button to "view details" etc.
This is not an unfamiliar message, similar concepts exist for both
Windows and Mac, and the behavior derives from earlier forms of Linux.
The idea of a keyring specifically is something I used on the Mac.
I have some beef with this message in Ubuntu's form, however. What
application is requesting this? Accessing a keyring with a password is
asking for a Master password, one password to rule them all. One cannot,
and should not, just hand out this master password to any application.
So what application wants access to the keyring??
IMO this failure to disclose who is asking for the master password is
critically bad security.
** Affects: gnome-keyring (Ubuntu)
Importance: Undecided
Status: New
** Tags: keyring ubuntu-one
--
"An application wants access to the keyring" (*which* application is not
specified)
https://bugs.launchpad.net/bugs/1293790
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
