+++ This bug was initially created as a clone of Bug #148945 +++ The original bug report was about both gnome-keyring and ssh-agent. It now appears these are two different problems. To avoid confusion, I am opening this case to track just the ssh-agent problem. From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041215 Firefox/1.0 Red Hat/1.0-12.EL4 Description of problem: After logging out of gnome and logging back in, I notice that keyring and ssh-agent from before are still running. With many logouts/logins the number of processes grows. Version-Release number of selected component (if applicable): gnome-keyring-0.4.0-1, openssh-3.9p1-8.RHEL4.1 How reproducible: Always Steps to Reproduce: 1.log in with gnome 2.log out 3.log back in and do ps -u user Actual Results: gnome-keyring and ssh-agent from before are still running along with new ones. Expected Results: only one instance of each (?) Additional info: I noticed this first with ssh-agent. I then created .xsession and .bash_logout files to kill my ssh-agents when I logged out. Now I notice it with keyring. Is it safe to kill these too at logout? I'm flagging it as a security issue since these packages are related to security. -- Additional comment from k.georgiou.uk on 2005-03-18 12:53 EST -- Look at #134494 for the ssh-agent problems. -- Additional comment from enjones on 2005-05-04 13:39 EST -- I don't notice this with gnome-keyring, but I have noticed that ssh-agent continues to run and is re-executed at each login, so that after 4 days of uptime I now have 8 ssh-agent's running. -- Additional comment from alexl on 2005-12-15 08:04 EST -- Created an attachment (id=122278) Patch for gnome-keyring -- Additional comment from alexl on 2005-12-15 08:05 EST -- Created an attachment (id=122279) Patch for gnome-sesson -- Additional comment from alexl on 2005-12-15 08:08 EST -- For the gnome-kerying part, I'm not sure exactly when this happens (it doesn't always seems to happen). It was fixed in upstream CVS 2004/11/30 with the two patches I attached above by slaving the keyring lifecycle to the X server connection. I didn't test these two patches, but they should be tested via upstream in e.g. FC4. -- Additional comment from alexl on 2005-12-15 08:12 EST -- *** Bug 173356 has been marked as a duplicate of this bug. *** -- Additional comment from gmorris.edu on 2006-06-26 16:53 EST -- This bug still has status NEW over a year after being opened, and I still see it in RHEL4. I tried the fix in bug #134494 comment 37 for ssh-agent; however having Xsession use ssh-agent to exec the session breaks things for me, because the setgid ssh-agent unsets LD_LIBRARY_PATH. It doesn't seem exactly elegant to treat LD_LIBRARY_PATH (and whatever other variables need preserving) in the same way as TMPDIR in the #134494 patch. -- Additional comment from alexl on 2007-05-02 09:38 EST -- The way I read this bug the users still haven't gotten packages with *both* the two patches I posted here. To make sure this is the case, can you please build and get the customer to test these exact packages: http://people.redhat.com/~alexl/RPMS/keyring/gnome-keyring-0.4.0-1.1keyringlifetime.src.rpm http://people.redhat.com/~alexl/RPMS/keyring/gnome-session-2.8.0-5.1keyringlifetime.src.rpm Both packages must be installed, and then you must log out and make sure there are no active gnome-sessions or gnome-keyring-daemons. -- Additional comment from alexl on 2007-05-08 04:18 EST -- I put x86-64 packages at http://people.redhat.com/~alexl/RPMS/keyring/ -- Additional comment from Klaus on 2007-05-08 04:48 EST -- I made the following patch as quickfix for this problem. Please note that the ssh-agent has to be started *after* the dbus launch! sed -i- -e '/^\[ -x \/usr\/bin\/ssh-agent/s/^/#/' -e '/^\[ -x \/usr\/bin\/dbus- launch/a\\n# Missbrauch des DBUS_LAUNCH für ssh-agent\n[ -x /usr/bin/ssh-agent -a -z "$SSH_AGENT_PID" ] && DBUS_LAUNCH="$DBUS_LAUNCH /usr/bin/ssh-agent"\n' / etc/X11/xinit/xinitrc-common I see no reason why it take so long to get this fix (well, a bit more clear and not so crude) into the start script. -- Additional comment from alanm on 2007-05-09 12:03 EST -- Hey, On May 4th, Joe Kachuck passed along two packages you gave him to the customer for testing. The customer stated that he killed all gnome-session and gnome-keyring-daemon process and updated the packages. He's still seeing the issue. I am attaching a fresh copy of his sysreport for you to examine. --Chris -- Additional comment from alexl on 2007-05-10 04:55 EST -- I installed RHEL4 on a i386 machine (i have no x86-64). Pressing ctrl-alt-backspace after login leaves the gnome-keyring-daemon around after the session has died. However, after building and installing the packages above this no longer happens. Now, i don't have an x86-64 machine here to test on, but given the patches involved are not really arch dependent I doubt it will make a difference. So, if the patches don't fix things for the customer then they have to have some specific problem that I can't really resolve. The patches I posted are what has been commited to upstream and has worked for everyone upstream for quite some time. I find it really hard to believe that they shouldn't work for this particular user. Anyway, its hard for me to go any further with this. -- Additional comment from alexl on 2007-05-10 04:57 EST -- Or maybe the problem was ssh-agent? My fix only applies to gnome-keyring-daemon, ssh-agent is a different thing.
This has to be changed in the xinitrc scripts - either the ssh-agent must run the session (which brings the LD_LIBRARY_PATH problem as in bug 164869) or something in the X init scripts has to explicitely kill it when the session ends.
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. Please See https://access.redhat.com/support/policy/updates/errata/ If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.