Bug#775189: mate-session spawns gnome-keyring unconditionally
Hi Infirit, hi Faidon,

On Mo 12 Jan 2015 21:25:47 CET, infirit wrote:

> On Mon, 12 Jan 2015 13:37:29 + Mike Gabriel mike.gabr...@das-netzwerkteam.de wrote:
> > On Mo 12 Jan 2015 13:38:40 CET, Faidon Liambotis wrote:
> > > Since upstream commit[1] 8a20baf39f781184d6126e0947e9fd4d9a115fab, mate-session-manager spawns gnome-keyring-daemon, with no option to turn it off, or pass arguments to it (such as --components).
> > >
> > > While this is bad in itself, it gets worse: keyring is spawned *after* the regular user-configured autostart programs are run. gnome-keyring's default set of components includes a GPG and an SSH agent and rightfully exports SSH_AUTH_SOCK and GPG_AGENT_INFO.
>
> The gnome compat code is one of the first things to run, even before the main manager is started that handles autostart. I am surprised you see it being run after autostart... Start mate-session with --debug and look for MsmGnome in the log to see when it is run.
>
> > The clobbering could be disabled via gconf in GNOMEv2 and I am pretty sure there is something similar possible by manipulating with dconf-editor.
>
> There is no way to disable it atm other than removing gnome-keyring. The reason it is run this way is that MATE relies on gnome-keyring/libsecret instead of the forked 2.32 versions. And as gnome-keyring does not export the env variables we run gnome-keyring which outputs the variables that mate-session then exports before autostarting the wm, desktop etc. etc.
>
> Attached is a preliminary patch that uses a gsettings key to determine which parts of the gnome compat should be started. Modify the list in gnome-compat-startup and remove the 'keyring' value. This should stop the clobbering of the variables.
>
> ~infirit

I have tested infirit's patch and it seems to work, at least for the gnome-keyring part. I could not manage to find gnome-smproxy in Debian, so I presume that part of the switch is useless, but relevant to other distros, probably.

I will proceed with retrieving an unblock confirmation for planned upload of mate-session-manager 1.8.1-6 which will fix this issue.

Mike

--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Bug#775189: mate-session spawns gnome-keyring unconditionally
Hi Faidon,

On Mo 12 Jan 2015 13:38:40 CET, Faidon Liambotis wrote:

> Since upstream commit[1] 8a20baf39f781184d6126e0947e9fd4d9a115fab, mate-session-manager spawns gnome-keyring-daemon, with no option to turn it off, or pass arguments to it (such as --components).
>
> While this is bad in itself, it gets worse: keyring is spawned *after* the regular user-configured autostart programs are run. gnome-keyring's default set of components includes a GPG and an SSH agent and rightfully exports SSH_AUTH_SOCK and GPG_AGENT_INFO.

This already was an issue with gnome-keyring in GNOMEv2.

> Therefore, even if the user has configured their desktop to spawn the (more featureful and arguably more secure OpenSSH) ssh-agent or gpg-agent, it is impossible to use it, as gnome-keyring-daemon clobbers these two environmental variables.

The clobbering could be disabled via gconf in GNOMEv2 and I am pretty sure there is something similar possible by manipulating with dconf-editor.

> Note that e.g. gdm3's default PAM configuration uses pam_gnome_keyring which calls gnome-keyring-daemon with the --daemonize --login options. This starts the daemon but does not initialize it; mate-session's execution with --start is what initializes it and exports these variables into the session's environment.
>
> Finally, note that MATE's default session autostart includes multiple GNOME Keyring entries, a different one for each keyring component, that can individually be turned off and on. This is what GNOME used to do (maybe still does?) as well. I've yet to understand why mate-session also spawns it from its code as well.

In mate-session there is some extra code that makes sure gnome-keyring has been launched because there were times when gnome-keyring would not launch for MATE, but only for GNOMEv3 (OnlyShowin=GNOME;Unity;).

It may be an option for Debian jessie to remove that bit of extra code from mate-session, but I would like to get some feedback from Stefano or Sandwer (upstream devs of MATE).

Greets,
Mike
Bug#775189: mate-session spawns gnome-keyring unconditionally
Package: mate-session-manager
Version: 1.8.1-5
Severity: serious

Hi,

Since upstream commit[1] 8a20baf39f781184d6126e0947e9fd4d9a115fab, mate-session-manager spawns gnome-keyring-daemon, with no option to turn it off, or pass arguments to it (such as --components).

While this is bad in itself, it gets worse: keyring is spawned *after* the regular user-configured autostart programs are run. gnome-keyring's default set of components includes a GPG and an SSH agent and rightfully exports SSH_AUTH_SOCK and GPG_AGENT_INFO.

Therefore, even if the user has configured their desktop to spawn the (more featureful and arguably more secure OpenSSH) ssh-agent or gpg-agent, it is impossible to use it, as gnome-keyring-daemon clobbers these two environmental variables.

In other words, mate-session indirectly unconditionally clobbers environmental variables that in no way belong to it and actively prevents programs that own the namespace from using them. This is a severity: serious issue, IMO.

Note that e.g. gdm3's default PAM configuration uses pam_gnome_keyring which calls gnome-keyring-daemon with the --daemonize --login options. This starts the daemon but does not initialize it; mate-session's execution with --start is what initializes it and exports these variables into the session's environment.

Finally, note that MATE's default session autostart includes multiple GNOME Keyring entries, a different one for each keyring component, that can individually be turned off and on. This is what GNOME used to do (maybe still does?) as well. I've yet to understand why mate-session also spawns it from its code as well.

Regards,
Faidon

1: https://github.com/mate-desktop/mate-session-manager/commit/8a20baf39f781184d6126e0947e9fd4d9a115fab
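To check from inside a session whether the clobbering described in this report has happened, the following added example (not part of Faidon's message or of MATE) classifies the agent behind SSH_AUTH_SOCK and GPG_AGENT_INFO. The socket path patterns are assumptions based on common defaults of gnome-keyring, OpenSSH and GnuPG, and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the bug thread. The path patterns are assumptions
# about common default socket locations; adjust them for your system.

# Print which agent a socket path most likely belongs to.
classify_agent_socket() {
    case "$1" in
        '')               echo unset ;;
        */keyring*/*)     echo gnome-keyring ;;  # e.g. /run/user/1000/keyring/ssh
        */ssh-*/agent.*)  echo openssh ;;        # e.g. /tmp/ssh-XXXXXX/agent.1234
        */S.gpg-agent*)   echo gnupg ;;          # e.g. /tmp/gpg-XXXXXX/S.gpg-agent
        *)                echo unknown ;;
    esac
}

# $1 = SSH_AUTH_SOCK, $2 = GPG_AGENT_INFO (format "socket:pid:protocol").
# Prints one line per variable; returns 1 if gnome-keyring owns either one.
check_session_agents() {
    rc=0
    ssh_owner=$(classify_agent_socket "$1")
    gpg_owner=$(classify_agent_socket "${2%%:*}")   # keep only the socket path
    echo "SSH_AUTH_SOCK  -> $ssh_owner"
    echo "GPG_AGENT_INFO -> $gpg_owner"
    if [ "$ssh_owner" = gnome-keyring ] || [ "$gpg_owner" = gnome-keyring ]; then
        rc=1
    fi
    return $rc
}

# Constructed values: a session where the keyring replaced the user's
# ssh-agent socket but the gpg-agent variable was left alone.
check_session_agents "/run/user/1000/keyring/ssh" \
                     "/tmp/gpg-XyZ012/S.gpg-agent:2386:1" \
    || echo "gnome-keyring owns an agent variable in this environment"
```

In a real session, call `check_session_agents "$SSH_AUTH_SOCK" "$GPG_AGENT_INFO"` from a terminal started by the desktop, since that is the environment mate-session exported.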
Bug#775189: mate-session spawns gnome-keyring unconditionally
On Mon, 12 Jan 2015 13:37:29 + Mike Gabriel mike.gabr...@das-netzwerkteam.de wrote:

> On Mo 12 Jan 2015 13:38:40 CET, Faidon Liambotis wrote:
> > Since upstream commit[1] 8a20baf39f781184d6126e0947e9fd4d9a115fab, mate-session-manager spawns gnome-keyring-daemon, with no option to turn it off, or pass arguments to it (such as --components).
> >
> > While this is bad in itself, it gets worse: keyring is spawned *after* the regular user-configured autostart programs are run. gnome-keyring's default set of components includes a GPG and an SSH agent and rightfully exports SSH_AUTH_SOCK and GPG_AGENT_INFO.

The gnome compat code is one of the first things to run, even before the main manager is started that handles autostart. I am surprised you see it being run after autostart... Start mate-session with --debug and look for MsmGnome in the log to see when it is run.

> The clobbering could be disabled via gconf in GNOMEv2 and I am pretty sure there is something similar possible by manipulating with dconf-editor.

There is no way to disable it atm other than removing gnome-keyring. The reason it is run this way is that MATE relies on gnome-keyring/libsecret instead of the forked 2.32 versions. And as gnome-keyring does not export the env variables we run gnome-keyring which outputs the variables that mate-session then exports before autostarting the wm, desktop etc. etc.

Attached is a preliminary patch that uses a gsettings key to determine which parts of the gnome compat should be started. Modify the list in gnome-compat-startup and remove the 'keyring' value. This should stop the clobbering of the variables.

~infirit

From 38334a705a479b60c54f2481a14751bd41deeffb Mon Sep 17 00:00:00 2001 From: infirit infi...@gmail.com Date: Mon, 12 Jan 2015 20:38:42 +0100 Subject: [PATCH 1/1] msmgnome: Allow users to disable one or both compatibility options --- data/org.mate.session.gschema.xml.in.in | 5 mate-session/msm-gnome.c| 41 + 2 files changed, 41 insertions(+), 5 deletions(-) 
diff --git a/data/org.mate.session.gschema.xml.in.in b/data/org.mate.session.gschema.xml.in.in index 2415c67..14e8da4 100644 --- a/data/org.mate.session.gschema.xml.in.in +++ b/data/org.mate.session.gschema.xml.in.in @@ -30,6 +30,11 @@ _summaryRequired session components/_summary _descriptionList of components that are required as part of the session. (Each element names a key under /org/mate/desktop/session/required_components). The Startup Applications preferences tool will not normally allow users to remove a required component from the session, and the session manager will automatically add the required components back to the session at login time if they do get removed./_description /key +key name=gnome-compat-startup type=as + default[ 'keyring', 'smproxy' ]/default + _summaryControl gnome compatibility componnent startup/_summary + _descriptionControl which compatibility components to start./_description +/key child name=required-components schema=org.mate.session.required-components/ /schema schema id=org.mate.session.required-components path=/org/mate/desktop/session/required-components/ diff --git a/mate-session/msm-gnome.c b/mate-session/msm-gnome.c index 661d9e3..72f5493 100644 --- a/mate-session/msm-gnome.c +++ b/mate-session/msm-gnome.c @@ -37,9 +37,13 @@ #include gtk/gtk.h #include gdk/gdkx.h +#include gio/gio.h #include msm-gnome.h +#define GSM_SCHEMA org.mate.session +#define GSM_GNOME_COMPAT_STARTUP_KEY gnome-compat-startup + #define GNOME_KEYRING_DAEMON gnome-keyring-daemon 
@@ -231,16 +235,43 @@ msm_compat_gnome_smproxy_shutdown (void) void msm_gnome_start (void) { + GSettings* settings; + gchar **array; + GList *startup = NULL; + gint i; + if (gnome_compat_started == TRUE) return; - g_debug (MsmGnome: starting); - - msm_compat_gnome_smproxy_startup (); + settings = g_settings_new (GSM_SCHEMA); + array = g_settings_get_strv (settings, GSM_GNOME_COMPAT_STARTUP_KEY); + if (array) { +for (i = 0; array[i]; i++) { + startup = g_list_append (startup, g_strdup (array[i])); +} + } + g_strfreev (array); + g_object_unref (settings); + + if (startup != NULL) { +if (g_list_find_custom (startup, smproxy, (GCompareFunc) strcmp) != NULL) { + g_debug (MsmGnome: starting smproxy); + msm_compat_gnome_smproxy_startup (); + gnome_compat_started = TRUE; +} else if (g_list_find_custom (startup, keyring, (GCompareFunc) strcmp) != NULL) { + g_debug (MsmGnome: starting keyring); + gnome_keyring_daemon_startup (); + gnome_compat_started = TRUE; +} else { + g_debug (MsmGnome: unknown component, ignoring); +} - gnome_keyring_daemon_startup (); + g_list_foreach (startup, (GFunc) g_free, NULL); + g_list_free (startup); - gnome_compat_started = TRUE; + } else { +g_debug (MsmGnome: No components found to start); +
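
Review bot: The new gnome-compat-startup key in data/org.mate.session.gschema.xml.in.in misspells "componnent" in its _summary, and its _description does not name the accepted values or say that removing 'keyring' or 'smproxy' from the list disables that component. Suggest listing both values and their effect in the description, because msm-gnome.c only emits a g_debug message when the list contains neither name, so a mistyped value gives the user no visible feedback.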
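
Review bot: In msm_gnome_start () the keyring lookup is an "else if" of the smproxy lookup, so with the schema default [ 'keyring', 'smproxy' ] only msm_compat_gnome_smproxy_startup () runs and gnome_keyring_daemon_startup () is never reached; the keyring is started only once 'smproxy' has been removed from the list. That changes the default behaviour compared with the removed lines, which started both. Make the two lookups independent "if" statements and keep the "unknown component" message for entries that match neither name. Also, gnome_compat_started stays FALSE when the list is empty or holds only unknown values, so the early return at the top never triggers and every later call re-reads the setting; set it once after the lookups. The copy of the strv into a GList only to search it could be replaced by a strcmp loop over array[i].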