This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 146966 - Keyring loses integrity over time
Keyring loses integrity over time
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: gnupg (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Mike McLean
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-02 20:56 EST by Matthew Garrett
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-07 07:46:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Matthew Garrett 2005-02-02 20:56:29 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20050105 Epiphany/1.4.7

Description of problem:
RH keyring provided in small cardboard box labelled "Reflects Cable
Keyring, matt, art 10001" consists of a single cable looped around
with both ends passing through a small silver metal fob with the Red
Hat logo. The cable ends are secured with small screw caps - removing
the screw caps allows the cable to pass through the fob, which in turn
allows keys to be added or removed.

Due to a lack of friction between the screw caps, the cable and the
fob, over time the screw caps become loose. If the keyring is then
removed from the user's pocket, the screw cap will detach and the
keyring will suffer a violent loss of integrity. The user's private
keys may then be strewn around the surrounding area. This public
availability of private keys has obvious security implications.

Suggested fix:

Increased integrity of screw caps

Version-Release number of selected component (if applicable):


How reproducible:
Sometimes

Steps to Reproduce:
1. Place keys on keyring
2. Place keyring in pocket

    

Actual Results:  Keys located on ground. In dark conditions, recovery
of keys may be difficult.

Expected Results:  Keyring integrity maintained, keys kept in usable state

Additional info:

Tested with two different keyrings. Equally reproducible. No reason to
suspect user error.
Comment 1 Josh Bressers 2005-02-07 07:46:13 EST
This problem has nothing to do with gnupg.

Note You need to log in before you can comment on or make changes to this bug.