[Desktop-packages] [Bug 432882] Re: Python binding for gnomekeyring prevents password prompt on unlock

Sat, 02 Aug 2014 12:42:06 -0700 

** Changed in: gnome-python-desktop
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-python-desktop in Ubuntu.
https://bugs.launchpad.net/bugs/432882

Title:
  Python binding for gnomekeyring prevents password prompt on unlock

Status in Gnome Python Desktop:
  Won't Fix
Status in “gnome-python-desktop” package in Ubuntu:
  Confirmed

Bug description:
  According to the doc for gnomekeyring, passing a NULL password into
  gnome_keyring_unlock() causes the keyring daemon to prompt the user
  for a password. [1]

  Passing None into Python's gnomekeyring.unlock_sync() results in a
  TypeError, rather than prompting the user for a password. For example:

  ---
  $ cat h2.py 
  #!/usr/bin/env python
  # From 
http://michael.susens-schurter.com/blog/2008/10/30/listing-all-passwords-stored-in-gnome-keyring/

  import pygtk
  pygtk.require('2.0')
  import gtk # sets app name
  import gnomekeyring
   
  def hack():
      keyring = "balancer.credentials"
      gnomekeyring.unlock_sync(keyring, None)
   
  if __name__ == '__main__':
      hack()
  $ python h2.py
  Traceback (most recent call last):
    File "h2.py", line 14, in <module>
      hack()
    File "h2.py", line 11, in hack
      gnomekeyring.unlock_sync(keyring, None)
  TypeError: unlock_sync() argument 2 must be string, not None
  ----

  I expect the user to be prompted by the daemon.

  This is a security vulnerability, as it forces apps to render their
  own password prompt, which may be spoofed by an attacker, rather than
  the (presumably) more secure trusted path of the daemon.

  [1] - http://library.gnome.org/devel/gnome-keyring/stable/gnome-
  keyring-gnome-keyring-keyrings.html#gnome-keyring-unlock

  ProblemType: Bug
  Architecture: i386
  DistroRelease: Ubuntu 9.04
  Package: python-gnome2-desktop 2.26.0-0ubuntu3
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_CA.UTF-8
   SHELL=/bin/bash
  SourcePackage: gnome-python-desktop
  Uname: Linux 2.6.28-15-generic i686

To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-python-desktop/+bug/432882/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to