Bug 138249 - /usr/bin/gnome-keyring-daemon never quits
Summary: /usr/bin/gnome-keyring-daemon never quits
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-keyring
Version: 2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Alexander Larsson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-11-06 06:48 UTC by Scott R. Godin
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version: FC4
Clone Of:
Environment:
Last Closed: 2006-08-14 12:32:09 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Scott R. Godin 2004-11-06 06:48:58 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041001
Firefox/0.10.1

Description of problem:
I have several users on the system and I will sit down in the morning
and find multiple instances of /usr/bin/gnome-keyring-daemon still
running, (sometimes more than one copy per-user) hours after they have
logged out.

normally I weed them with sudo killall /usr/bin/gnome-keyring-daemon,
but I shouldn't have to do this.

Version-Release number of selected component (if applicable):
gnome-keyring-0.2.0-1

How reproducible:
Always

Steps to Reproduce:
1. start a gnome session
2. exit the session
3. come back hours or even days later, and log in as root or some
other user

Actual Results:  /usr/bin/gnome-keyring-daemon still running 

Expected Results:  /usr/bin/gnome-keyring-daemon exiting normally at
session-end

Additional info:

since this thing handles passwords I'm choosing 'security' for the
severity -- if this should be incorrect, please feel free to mod it
back down. I just think it should be looked at asap if it DOES
actually involve a potential security breach. I haven't actually tried
exploiting it myself -- to me it's just a cleanup annoyance, but I'd
think some intrepid individual would attempt to mess with it.

Comment 1 Alexander Larsson 2004-11-12 07:31:36 UTC
I've tried this with FC3, and the daemon goes away. I don't think
anything related to this has changed since FC2. How do you exit the
session?

Comment 2 Scott R. Godin 2004-11-12 18:06:44 UTC
I've watched my roommate do it. He just logs out normally from the
gnome-panel 'start' menu.

I've got FC3 on a test box as of yesterday, so I'll be playin' with it
for a bit over there too. Will let you know if I find anything. 

Comment 3 Sitsofe Wheeler 2004-12-01 09:40:53 UTC
With FC3 and gnome-keyring-0.4.0-1 we are seeing lots of this in the small room
of computers we have. There seem to be a group of programs that often hang about
after the X session has gone (e.g. bug 139372 , bug 140262 or bug 140874 ) but
gnome-keyring-daemon is a regular offendor.

If an strace of a still running gnome-keyring-daemon would help let me know.

Comment 4 Josh Bressers 2004-12-07 17:52:35 UTC
I'm removing the security severity on this issue.  If someone can show
that it's possible to leak passwords from this process hanging around,
please adjust the severity back to security.

Comment 5 Alexander Larsson 2004-12-08 03:28:16 UTC
I added some stuff in upstream cvs that should make this problem go
away. Its all in gnome 2.9 though.

Comment 6 Sitsofe Wheeler 2004-12-08 16:59:01 UTC
Comment #5:
Any chance that your new version can be built against FC3's Gnome 2.8?

Comment 7 Scott R. Godin 2004-12-09 07:00:02 UTC
...not to mention FC2's release-version 

Comment 8 Matthew Miller 2005-04-26 15:58:20 UTC
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 9 Sitsofe Wheeler 2006-06-06 18:56:52 UTC
I haven't seen this problem since upgrading to FC5 (may have been fixed in FC4
and I didn't notice though). If it was fixed in FC4, perhaps it should be marked
fixed CURRENTRELEASE?


Note You need to log in before you can comment on or make changes to this bug.