From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041001 Firefox/0.10.1 Description of problem: I have several users on the system and I will sit down in the morning and find multiple instances of /usr/bin/gnome-keyring-daemon still running, (sometimes more than one copy per-user) hours after they have logged out. normally I weed them with sudo killall /usr/bin/gnome-keyring-daemon, but I shouldn't have to do this. Version-Release number of selected component (if applicable): gnome-keyring-0.2.0-1 How reproducible: Always Steps to Reproduce: 1. start a gnome session 2. exit the session 3. come back hours or even days later, and log in as root or some other user Actual Results: /usr/bin/gnome-keyring-daemon still running Expected Results: /usr/bin/gnome-keyring-daemon exiting normally at session-end Additional info: since this thing handles passwords I'm choosing 'security' for the severity -- if this should be incorrect, please feel free to mod it back down. I just think it should be looked at asap if it DOES actually involve a potential security breach. I haven't actually tried exploiting it myself -- to me it's just a cleanup annoyance, but I'd think some intrepid individual would attempt to mess with it.
I've tried this with FC3, and the daemon goes away. I don't think anything related to this has changed since FC2. How do you exit the session?
I've watched my roommate do it. He just logs out normally from the gnome-panel 'start' menu. I've got FC3 on a test box as of yesterday, so I'll be playin' with it for a bit over there too. Will let you know if I find anything.
With FC3 and gnome-keyring-0.4.0-1 we are seeing lots of this in the small room of computers we have. There seem to be a group of programs that often hang about after the X session has gone (e.g. bug 139372 , bug 140262 or bug 140874 ) but gnome-keyring-daemon is a regular offendor. If an strace of a still running gnome-keyring-daemon would help let me know.
I'm removing the security severity on this issue. If someone can show that it's possible to leak passwords from this process hanging around, please adjust the severity back to security.
I added some stuff in upstream cvs that should make this problem go away. Its all in gnome 2.9 though.
Comment #5: Any chance that your new version can be built against FC3's Gnome 2.8?
...not to mention FC2's release-version
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.
I haven't seen this problem since upgrading to FC5 (may have been fixed in FC4 and I didn't notice though). If it was fixed in FC4, perhaps it should be marked fixed CURRENTRELEASE?