Bug 1025723

Summary: gnome-keyring: does not properly kill gnome-keyring-daemon before exit, race condition causes pam umount fail
Product: [Other] Security Response Reporter: Ratul Gupta <ratulg>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: debarshir, jkurik, mclasen, pfrields, stefw, walters, zeenix
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-03 18:55:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1025724, 1030671    
Bug Blocks: 1025725    

Description Ratul Gupta 2013-11-01 11:38:42 UTC 
Gnome-keyring is found to have a flaw, where an encrypted disk fails to unmount even after logging out using the pam-mount, and as it's in the background, the user won't be aware of this.

The issue is that in pam/gkr-pam-module.c stop_daemon() sends SIGTERM to the gnome-keyring-daemon process instead of SIGKILL i.e. just requesting shutdown and ensuring the process is killed. This means that when pam_gnome_keyring.so returns from pam_close_session() the daemon is sometimes still running (race condition). Since the daemon has an open socket in the users home directory, pam_mount's umount call will fail. It was found that gnome-keyring-daemon has an open socket at in ~/.cache/keyring-xxxxxx/control, which is started at login.

This issue was reported to be successful under lightdm and XFCE, but should also affect other systems that use pam-gnome-keyring and pam-mount together.

A workaround is posted to replace SIGTERM with SIGKILL in the source. You may want to use SIGTERM/sleep/if(alive) SIGKILL to give the daemon a chance to exit properly.

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728312
https://bugzilla.gnome.org/show_bug.cgi?id=711222
http://sourceforge.net/p/pam-mount/mailman/message/31580148/
Comment 1 Ratul Gupta 2013-11-01 11:40:05 UTC 
Created gnome-keyring tracking bugs for this issue:

Affects: fedora-all [bug 1025724]
Comment 3 Stef Walter 2013-12-10 19:47:39 UTC 
When you see this condition, could you do a backtrace of all threads in the gnome-keyring-daemon? gnome-keyring-daemon should exit on SIGTERM. If it doesn't, then that's the bug.
Comment 5 Matthias Clasen 2014-01-27 18:40:09 UTC 
Is there somebody else who can answer Stef's question ?
Comment 6 Vincent Danen 2014-02-06 04:17:33 UTC 
I've not reproduced this and the individual who filed the bug is no longer with Red Hat.

Unfortunately, I am unable to test this being relatively unfamiliar with the program.  I would have hoped that upstream would have looked into this a bit, but it seems like their bug has not progressed.

Maybe the owner of this package could take some time and look at it?  I'm not sure whether this was actually ever tested, or was simply reported this way.

As an aside, nothing has moved on the Debian report so maybe this is a bogus report?  I'm not sure if anyone has reproduced it or not.
Comment 7 Stef Walter 2014-03-06 17:46:32 UTC 
Related bug: https://bugzilla.gnome.org/show_bug.cgi?id=708765

Not sure it's the same issue. Patched upstream.