Package: mate-session-manager
Version: 1.8.1-5
Severity: serious

Hi,

Since upstream commit[1] 8a20baf39f781184d6126e0947e9fd4d9a115fab, mate-session-manager spawns gnome-keyring-daemon, with no option to turn it off, or pass arguments to it (such as --components).

While this is bad in itself, it gets worse: keyring is spawned *after* the regular user-configured autostart programs are run. gnome-keyring's default set of components includes a GPG & an SSH agent and rightfully exports SSH_AUTH_SOCK and GPG_AGENT_INFO. Therefore, even if the user has configured their desktop to spawn the (more featureful and arguably more secure OpenSSH) ssh-agent or gpg-agent, it is impossible to use it, as gnome-keyring-daemon clobbers these two environmental variables.

In other words, mate-session indirectly & unconditionally clobbers environmental variables that in no way belong to it and actively prevents programs that own the namespace from using them. This is a severity: serious issue, IMO.

Note that e.g. gdm3's default PAM configuration uses pam_gnome_keyring which calls gnome-keyring-daemon with the --daemonize --login options. This starts the daemon but does not initialize it; mate-session's execution with --start is what initializes it and exports these variables into the session's environment.

Finally, note that MATE's default session autostart includes multiple GNOME Keyring entries, a different one for each keyring component, that can individually be turned off and on. This is what GNOME used to do (maybe still does?) as well. I've yet to understand why mate-session also spawns it from its code as well.

Regards,
Faidon

1: https://github.com/mate-desktop/mate-session-manager/commit/8a20baf39f781184d6126e0947e9fd4d9a115fab
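
An added example, not part of the original report or of MATE/gnome-keyring: a POSIX shell check for the clobbering described above. It classifies an SSH_AUTH_SOCK or GPG_AGENT_INFO value by its socket path and compares the value the user's own autostart entry exported with the value the session ends up with. The path patterns, function names and sample values are assumptions based on each daemon's default socket naming.

```shell
#!/bin/sh
# Classify an agent socket path by the naming convention of the daemon that
# created it. Patterns are assumptions taken from each daemon's defaults.
agent_owner() {
    case "$1" in
        "")                               echo unset ;;
        */keyring/ssh|*/keyring-*/ssh)    echo gnome-keyring ;;
        */keyring/gpg|*/keyring-*/gpg)    echo gnome-keyring ;;
        */ssh-*/agent.*)                  echo openssh ;;
        */S.gpg-agent|*/S.gpg-agent.ssh)  echo gnupg ;;
        *)                                echo unknown ;;
    esac
}

# Compare what the user's autostart entry exported with what the session
# environment holds after mate-session has run.
#   $1 = variable name
#   $2 = value recorded when the user's own agent started
#   $3 = value seen later inside the session
# GPG_AGENT_INFO has the form path:pid:protocol, so only the path is compared.
check_clobber() {
    want=${2%%:*}
    have=${3%%:*}
    if [ "$want" = "$have" ]; then
        echo "$1 ok $(agent_owner "$have")"
        return 0
    fi
    echo "$1 clobbered $(agent_owner "$want") -> $(agent_owner "$have")"
    return 1
}

# Constructed sample values (not taken from a real session).
USER_SSH_SOCK=/tmp/ssh-Xa1b2c3d/agent.4242
USER_GPG_INFO=/tmp/gpg-Ab12Cd/S.gpg-agent:4250:1
SESSION_SSH_SOCK=/run/user/1000/keyring/ssh
SESSION_GPG_INFO=/tmp/keyring-Zx9Yw8/gpg:0:1

check_clobber SSH_AUTH_SOCK  "$USER_SSH_SOCK" "$SESSION_SSH_SOCK" || true
check_clobber GPG_AGENT_INFO "$USER_GPG_INFO" "$SESSION_GPG_INFO" || true
```

On a real desktop, the recorded values would come from wherever the user's autostart entry saves them, and the session values from a terminal opened after login.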