Attempting to mount a file volume twice will delete the stored password
Submitted by Mike Auty
Assigned to gvf..@..e.bugs
Link to original bug (#730759)
Description
Using gnome-disk-image-mounter on a file will cause a loopback device to be created. If the loopback device had LUKS on it, it will ask for a password that can be remembered. Saving the password records the gvfs-luks-uuid in gnome-keyring.
Once the device has been unlocked and mounted, attempting to mount it again using gnome-disk-image-mounter will not warn you that the volume is already mounted, or use the previous password, but instead create a second loopback device and delete/wipe/forget the previous password. Even if this dialog is then cancelled, the previous password has already been removed, which could cause users who accidentally attempt to double mount a file severe data loss if they can't remember their previous passwords (expecting them to be faithfully saved).
I'm not sure whether this should be a gnome-keyring issue about how easily a program can delete/overwrite stored passwords, or whether it's an issue of gnome-disk-utility in particular, but I figured this one definitely needed fixing and gnome-keyring would need further discussion.
Steps to recreate:
- Make sure some extension like .volume is associated with gnome-disk-image-mounter.
- Create a new LUKS volume somehow, and give it a .volume file extension.
- Start gnome-keyring next to nautilus so you can see both side-by-side.
- Double click the file to attempt mounting it, a box with "Enter password for /dev/loop0" will appear.
- Enter the correct password, ensure the save password box is ticked, and hit ok.
- See the password entry appear in gnome-keyring, stored with the gvfs-luks-uuid to identify it.
- Double click the same .volume file with it already mounted.
- See the dialog box asking for the password for /dev/loop1 appear, and in the background see the password having been removed from gnome-keyring (despite it being the same volume and thus the same gvfs-luks-uuid), even before the enter password dialog box has had a response.