Bug 148945 - gnome-keyring-d and ssh-agent keep running after logout
gnome-keyring-d and ssh-agent keep running after logout
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gnome-keyring (Show other bugs)
i686 Linux
high Severity medium
: ---
: ---
Assigned To: Alexander Larsson
: 173356 (view as bug list)
Depends On:
Blocks: 234251 250096
  Show dependency treegraph
Reported: 2005-02-16 23:34 EST by Andrew D.
Modified: 2010-10-21 22:47 EDT (History)
5 users (show)

See Also:
Fixed In Version: RHBA-2007-0773
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-15 11:06:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch for gnome-keyring (1.30 KB, patch)
2005-12-15 08:04 EST, Alexander Larsson
no flags Details | Diff
Patch for gnome-sesson (2.10 KB, patch)
2005-12-15 08:05 EST, Alexander Larsson
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0773 normal SHIPPED_LIVE gnome-keyring bug fix update 2007-11-14 12:14:43 EST

  None (edit)
Description Andrew D. 2005-02-16 23:34:20 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041215 Firefox/1.0 Red Hat/1.0-12.EL4

Description of problem:
After logging out of gnome and logging back in, I notice that keyring
and ssh-agent from before are still running. With many logouts/logins
the number of processes grows.

Version-Release number of selected component (if applicable):
gnome-keyring-0.4.0-1, openssh-3.9p1-8.RHEL4.1

How reproducible:

Steps to Reproduce:
1.log in with gnome
2.log out
3.log back in and do ps -u user

Actual Results:  gnome-keyring and ssh-agent from before are still
running along with new ones.

Expected Results:  only one instance of each (?)

Additional info:

I noticed this first with ssh-agent. I then created .xsession and
.bash_logout files to kill my ssh-agents when I logged out. Now I
notice it with keyring. Is it safe to kill these too at logout? I'm
flagging it as a security issue since these packages are related to
Comment 1 Kostas Georgiou 2005-03-18 12:53:54 EST
Look at #134494 for the ssh-agent problems.
Comment 2 Eric Jones 2005-05-04 13:39:26 EDT
I don't notice this with gnome-keyring, but I have noticed that ssh-agent
continues to run and is re-executed at each login, so that after 4 days of
uptime I now have 8 ssh-agent's running.
Comment 3 Alexander Larsson 2005-12-15 08:04:20 EST
Created attachment 122278 [details]
Patch for gnome-keyring
Comment 4 Alexander Larsson 2005-12-15 08:05:11 EST
Created attachment 122279 [details]
Patch for gnome-sesson
Comment 5 Alexander Larsson 2005-12-15 08:08:18 EST
For the gnome-kerying part, I'm not sure exactly when this happens (it doesn't
always seems to happen). It was fixed in upstream CVS 2004/11/30 with the two
patches I attached above by slaving the keyring lifecycle to the X server

I didn't test these two patches, but they should be tested via upstream in e.g. FC4.
Comment 6 Alexander Larsson 2005-12-15 08:12:15 EST
*** Bug 173356 has been marked as a duplicate of this bug. ***
Comment 12 Glenn Morris 2006-06-26 16:53:38 EDT
This bug still has status NEW over a year after being opened, and I still see it
in RHEL4.

I tried the fix in bug #134494 comment 37 for ssh-agent; however having Xsession
use ssh-agent to exec the session breaks things for me, because the setgid
ssh-agent unsets LD_LIBRARY_PATH. It doesn't seem exactly elegant to treat
LD_LIBRARY_PATH (and whatever other variables need preserving) in the same way
as TMPDIR in the #134494 patch.

Comment 21 Alexander Larsson 2007-05-02 09:38:45 EDT
The way I read this bug the users still haven't gotten packages with *both* the
two patches I posted here. To make sure this is the case, can you please build
and get the customer to test these exact packages:

Both packages must be installed, and then you must log out and make sure there
are no active gnome-sessions or gnome-keyring-daemons.
Comment 24 Alexander Larsson 2007-05-08 04:18:26 EDT
I put x86-64 packages at http://people.redhat.com/~alexl/RPMS/keyring/
Comment 25 Klaus Ethgen 2007-05-08 04:48:58 EDT
I made the following patch as quickfix for this problem. Please note that the 
ssh-agent has to be started *after* the dbus launch!

sed -i- -e '/^\[ -x \/usr\/bin\/ssh-agent/s/^/#/' -e '/^\[ -x \/usr\/bin\/dbus-
launch/a\\n# Missbrauch des DBUS_LAUNCH für ssh-agent\n[ -x /usr/bin/ssh-agent 
-a -z "$SSH_AGENT_PID" ] && DBUS_LAUNCH="$DBUS_LAUNCH /usr/bin/ssh-agent"\n' /

I see no reason why it take so long to get this fix (well, a bit more clear 
and not so crude) into the start script.
Comment 26 Alan Matsuoka 2007-05-09 12:03:19 EDT

On May 4th, Joe Kachuck passed along two packages you gave him to the customer
for testing.  The customer stated that he killed all gnome-session and
gnome-keyring-daemon process and updated the packages.  He's still seeing the issue.

I am attaching a fresh copy of his sysreport for you to examine.

Comment 28 Alexander Larsson 2007-05-10 04:55:53 EDT
I installed RHEL4 on a i386 machine (i have no x86-64). Pressing
ctrl-alt-backspace after login leaves the gnome-keyring-daemon around after the
session has died. However, after building and installing the packages above this
no longer happens.

Now, i don't have an x86-64 machine here to test on, but given the patches
involved are not really arch dependent I doubt it will make a difference. So, if
the patches don't fix things for the customer then they have to have some
specific problem that I can't really resolve. 

The patches I posted are what has been commited to upstream and has worked for
everyone upstream for quite some time. I find it really hard to believe that
they shouldn't work for this particular user.

Anyway, its hard for me to go any further with this.
Comment 29 Alexander Larsson 2007-05-10 04:57:32 EDT
Or maybe the problem was ssh-agent? My fix only applies to gnome-keyring-daemon,
ssh-agent is a different thing.
Comment 30 Matt Seitz 2007-05-14 16:47:33 EDT
Since Comment 29 indicates that the "gnome-keyring" problem and the "ssh-agent"
problem are actually two separate problems, I opened Bug 240069 to track the
"ssh-agent" problem.  I suggest changing this bug to just track the
"gnome-keyring" problem.
Comment 39 errata-xmlrpc 2007-11-15 11:06:40 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.