Bug 146966
| Summary: | Keyring loses integrity over time | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Matthew Garrett <mjg59> |
| Component: | gnupg | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED NOTABUG | QA Contact: | Mike McLean <mikem> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.0 | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-02-07 12:46:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This problem has nothing to do with gnupg. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050105 Epiphany/1.4.7 Description of problem: RH keyring provided in small cardboard box labelled "Reflects Cable Keyring, matt, art 10001" consists of a single cable looped around with both ends passing through a small silver metal fob with the Red Hat logo. The cable ends are secured with small screw caps - removing the screw caps allows the cable to pass through the fob, which in turn allows keys to be added or removed. Due to a lack of friction between the screw caps, the cable and the fob, over time the screw caps become loose. If the keyring is then removed from the user's pocket, the screw cap will detach and the keyring will suffer a violent loss of integrity. The user's private keys may then be strewn around the surrounding area. This public availability of private keys has obvious security implications. Suggested fix: Increased integrity of screw caps Version-Release number of selected component (if applicable): How reproducible: Sometimes Steps to Reproduce: 1. Place keys on keyring 2. Place keyring in pocket Actual Results: Keys located on ground. In dark conditions, recovery of keys may be difficult. Expected Results: Keyring integrity maintained, keys kept in usable state Additional info: Tested with two different keyrings. Equally reproducible. No reason to suspect user error.