Bug 148945 - gnome-keyring-d and ssh-agent keep running after logout
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gnome-keyring
Version: 4.0
Hardware: i686 Linux
Priority: high
Severity: medium
Assigned To: Alexander Larsson
Duplicates: 173356
Blocks: 234251 250096
Reported: 2005-02-16 23:34 EST by Andrew D.
Modified: 2010-10-21 22:47 EDT
Fixed In Version: RHBA-2007-0773
Doc Type: Bug Fix
Last Closed: 2007-11-15 11:06:40 EST


Attachments
Patch for gnome-keyring (1.30 KB, patch)
2005-12-15 08:04 EST, Alexander Larsson
Patch for gnome-session (2.10 KB, patch)
2005-12-15 08:05 EST, Alexander Larsson

Description Andrew D. 2005-02-16 23:34:20 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041215 Firefox/1.0 Red Hat/1.0-12.EL4

Description of problem:
After logging out of gnome and logging back in, I notice that keyring
and ssh-agent from before are still running. With many logouts/logins
the number of processes grows.

Version-Release number of selected component (if applicable):
gnome-keyring-0.4.0-1, openssh-3.9p1-8.RHEL4.1

How reproducible:
Always

Steps to Reproduce:
1. log in with gnome
2. log out
3. log back in and do ps -u user

Actual Results:  gnome-keyring and ssh-agent from before are still
running along with new ones.

Expected Results:  only one instance of each (?)

Additional info:

I noticed this first with ssh-agent. I then created .xsession and
.bash_logout files to kill my ssh-agents when I logged out. Now I
notice it with keyring. Is it safe to kill these too at logout? I'm
flagging it as a security issue since these packages are related to
security.
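
A check for the condition reported above, as an added example that is not part of the original report: it flags users running more ssh-agent or gnome-keyring-daemon instances than the one per logged-in user the reporter expected. The function names, input file layout and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag leftover key-holding daemons of the kind this bug describes.
#   $1 = file of "user pid comm" lines (e.g. from: ps -e -o user= -o pid= -o comm=)
#   $2 = file with one logged-in user per line (e.g. from: who | awk '{print $1}')
# Prints "user comm running allowed" where running > allowed.
# Assumption: a logged-in user is allowed one instance of each daemon,
# a logged-out user none.
stale_agents() {
    awk '
        # Compare FILENAME instead of NR==FNR so that an empty session
        # list (nobody logged in) does not swallow the ps lines.
        FILENAME == ARGV[1] { logged_in[$1] = 1; next }
        # ps truncates comm to 15 characters, hence "gnome-keyring-d"
        $3 == "ssh-agent" || $3 ~ /^gnome-keyring-d/ { running[$1 " " $3]++ }
        END {
            for (k in running) {
                split(k, f, " ")
                allowed = (f[1] in logged_in) ? 1 : 0
                if (running[k] > allowed)
                    print f[1], f[2], running[k], allowed
            }
        }
    ' "$2" "$1" | LC_ALL=C sort
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample: alice is logged in but has agents left over from
    # earlier logins; bob has logged out and his daemons are still running.
    cat > "$d/ps.txt" <<'EOF'
alice 2101 ssh-agent
alice 2950 ssh-agent
alice 3377 ssh-agent
alice 3391 gnome-keyring-d
bob 1810 gnome-keyring-d
bob 1822 ssh-agent
root 1 init
EOF
    printf 'alice\nalice\n' > "$d/who.txt"   # display :0 plus one terminal
    stale_agents "$d/ps.txt" "$d/who.txt"
    rm -rf "$d"
}
demo
```

A user who legitimately runs a second agent (for example in a separate remote login) will also be listed, so treat the output as a list to review rather than a kill list.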
Comment 1 Kostas Georgiou 2005-03-18 12:53:54 EST
Look at #134494 for the ssh-agent problems.
Comment 2 Eric Jones 2005-05-04 13:39:26 EDT
I don't notice this with gnome-keyring, but I have noticed that ssh-agent
continues to run and is re-executed at each login, so that after 4 days of
uptime I now have 8 ssh-agents running.
Comment 3 Alexander Larsson 2005-12-15 08:04:20 EST
Created attachment 122278
Patch for gnome-keyring
Comment 4 Alexander Larsson 2005-12-15 08:05:11 EST
Created attachment 122279
Patch for gnome-session
Comment 5 Alexander Larsson 2005-12-15 08:08:18 EST
For the gnome-keyring part, I'm not sure exactly when this happens (it doesn't
always seem to happen). It was fixed in upstream CVS 2004/11/30 with the two
patches I attached above by slaving the keyring lifecycle to the X server
connection.

I didn't test these two patches, but they should be tested via upstream in e.g. FC4.
Comment 6 Alexander Larsson 2005-12-15 08:12:15 EST
*** Bug 173356 has been marked as a duplicate of this bug. ***
Comment 12 Glenn Morris 2006-06-26 16:53:38 EDT
This bug still has status NEW over a year after being opened, and I still see it
in RHEL4.

I tried the fix in bug #134494 comment 37 for ssh-agent; however having Xsession
use ssh-agent to exec the session breaks things for me, because the setgid
ssh-agent unsets LD_LIBRARY_PATH. It doesn't seem exactly elegant to treat
LD_LIBRARY_PATH (and whatever other variables need preserving) in the same way
as TMPDIR in the #134494 patch.

Comment 21 Alexander Larsson 2007-05-02 09:38:45 EDT
The way I read this bug the users still haven't gotten packages with *both* the
two patches I posted here. To make sure this is the case, can you please build
and get the customer to test these exact packages:
http://people.redhat.com/~alexl/RPMS/keyring/gnome-keyring-0.4.0-1.1keyringlifetime.src.rpm
http://people.redhat.com/~alexl/RPMS/keyring/gnome-session-2.8.0-5.1keyringlifetime.src.rpm

Both packages must be installed, and then you must log out and make sure there
are no active gnome-sessions or gnome-keyring-daemons.
Comment 24 Alexander Larsson 2007-05-08 04:18:26 EDT
I put x86-64 packages at http://people.redhat.com/~alexl/RPMS/keyring/
Comment 25 Klaus Ethgen 2007-05-08 04:48:58 EDT
I made the following patch as a quick fix for this problem. Please note that the
ssh-agent has to be started *after* the dbus launch!

sed -i- \
  -e '/^\[ -x \/usr\/bin\/ssh-agent/s/^/#/' \
  -e '/^\[ -x \/usr\/bin\/dbus-launch/a\\n# Abuse of DBUS_LAUNCH for ssh-agent\n[ -x /usr/bin/ssh-agent -a -z "$SSH_AGENT_PID" ] && DBUS_LAUNCH="$DBUS_LAUNCH /usr/bin/ssh-agent"\n' \
  /etc/X11/xinit/xinitrc-common

I see no reason why it takes so long to get this fix (well, a bit more clear
and not so crude) into the start script.
Comment 26 Alan Matsuoka 2007-05-09 12:03:19 EDT
Hey,

On May 4th, Joe Kachuck passed along two packages you gave him to the customer
for testing.  The customer stated that he killed all gnome-session and
gnome-keyring-daemon processes and updated the packages.  He's still seeing the issue.

I am attaching a fresh copy of his sysreport for you to examine.

--Chris 
Comment 28 Alexander Larsson 2007-05-10 04:55:53 EDT
I installed RHEL4 on an i386 machine (I have no x86-64). Pressing
ctrl-alt-backspace after login leaves the gnome-keyring-daemon around after the
session has died. However, after building and installing the packages above this
no longer happens.

Now, I don't have an x86-64 machine here to test on, but given the patches
involved are not really arch dependent I doubt it will make a difference. So, if
the patches don't fix things for the customer then they have to have some
specific problem that I can't really resolve.

The patches I posted are what has been committed to upstream and has worked for
everyone upstream for quite some time. I find it really hard to believe that
they shouldn't work for this particular user.

Anyway, it's hard for me to go any further with this.
Comment 29 Alexander Larsson 2007-05-10 04:57:32 EDT
Or maybe the problem was ssh-agent? My fix only applies to gnome-keyring-daemon,
ssh-agent is a different thing.
Comment 30 Matt Seitz 2007-05-14 16:47:33 EDT
Since Comment 29 indicates that the "gnome-keyring" problem and the "ssh-agent"
problem are actually two separate problems, I opened Bug 240069 to track the
"ssh-agent" problem.  I suggest changing this bug to just track the
"gnome-keyring" problem.
Comment 39 errata-xmlrpc 2007-11-15 11:06:40 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0773.html
