1. 27 Sep, 2021 1 commit
    • Simon McVittie's avatar
      daemon: Don't warn about CAP_IPC_LOCK if RLIMIT_MEMLOCK is enough · 4d443aea
      Simon McVittie authored
      
      
      If a distribution has set user processes' RLIMIT_MEMLOCK to be high
      enough, then there is no reason why gnome-keyring really needs to be
      setuid or have elevated filesystem capabilities. Silence the warning
      about insufficient capabilities in this case.
      
      In particular, giving gnome-keyring elevated capabilities is practically
      problematic because there is a desire to harden libraries like GLib and
      libdbus against processes that (inadvisably) use those libraries while
      they have genuinely abusable elevated capabilities, without first
      sanitizing the execution environment to protect themselves against
      being invoked by a malicious parent process. The mechanisms used to do
      this cannot distinguish between genuinely abusable elevated capabilities,
      like CAP_SYS_ADMIN, and elevated capabilities that are merely a
      denial-of-service vector, like CAP_IPC_LOCK - so they will tend to err
      on the side of caution and prevent gnome-keyring from accessing
      environment variables that it needs to do its job, such as
      DBUS_SESSION_BUS_ADDRESS and XDG_RUNTIME_DIR.
      
      Also, if a sysadmin is concerned about users carrying out a
      denial-of-service via locking abusive amounts of memory, they should
      be equally concerned about whether gnome-keyring can be induced to
      execute arbitrary code with CAP_IPC_LOCK (which it probably can, because
      it relies on desktop services like dbus-daemon and systemd --user that
      are under the unprivileged user's control).
      
      Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@debian.org>
      4d443aea
  2. 11 Aug, 2021 1 commit
  3. 30 Jun, 2021 1 commit
  4. 27 Apr, 2021 1 commit
  5. 14 Apr, 2021 1 commit
  6. 27 Mar, 2021 1 commit
  7. 26 Mar, 2021 7 commits
  8. 16 Mar, 2021 1 commit
  9. 24 Feb, 2021 1 commit
  10. 11 Feb, 2021 1 commit
  11. 13 Jan, 2021 1 commit
  12. 05 Jan, 2021 1 commit
  13. 21 Dec, 2020 1 commit
  14. 21 Nov, 2020 1 commit
    • Steven Grubb's avatar
      Update libcap-ng capability handling · ebc7bc9e
      Steven Grubb authored and Daiki Ueno's avatar Daiki Ueno committed
      There is a change in libcap-ng-0.8.1 that causes gnome-keyring to not
      work correctly. The capng_apply function now returns an error if it
      cannot change the bounding set. Previously this was ignored. Which means
      now gnome-keyring exits when it shouldn't.
      
      The new patch adds troubleshooting info to the error messages. And it checks
      to see if we have CAP_SETPCAP. If we do not, then we cannot change the
      bounding set and just set capabilities. On the setuid side, it now drops
      the bounding set and clears any supplemental groups that may be left over
      as an accident.
      ebc7bc9e
  15. 04 Oct, 2020 1 commit
  16. 28 Sep, 2020 1 commit
  17. 12 Sep, 2020 2 commits
  18. 22 Aug, 2020 1 commit
  19. 26 Jun, 2020 1 commit
  20. 10 Apr, 2020 1 commit
  21. 31 Mar, 2020 2 commits
  22. 18 Mar, 2020 1 commit
  23. 16 Mar, 2020 1 commit
  24. 13 Mar, 2020 1 commit
  25. 11 Mar, 2020 1 commit
  26. 10 Mar, 2020 1 commit
  27. 07 Mar, 2020 1 commit
  28. 03 Mar, 2020 1 commit
  29. 01 Mar, 2020 2 commits
  30. 28 Feb, 2020 1 commit
  31. 27 Feb, 2020 1 commit