Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 149788

Summary: nautilus 2.16 w/ keyring mentions /var/tmp/portage/...
Product: Gentoo Linux Reporter: Colin Macdonald <cbm>
Component: [OLD] GNOMEAssignee: Gentoo Linux Gnome Desktop Team <gnome>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: 2006.1   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 132627    
Attachments: nautilus-keyring.png

Description Colin Macdonald 2006-10-01 16:31:51 UTC
When I try to use nautilus to connect to a remove ssh server, it uses the gnome keyring stuff to store the password.  The keyring app (is this seahorse?) pops up a dialog asking whether "/var/tmp/portage/.../nautilus (deleted)" should be allowed access to my password in the keyring.  This is cosmetically bad because of the /var/tmp/portage stuff and the "(deleted)" part could scare a user into thinking something bad was happening.

I also wonder if this could be exploited if another user were to create /var/tmp/portage/...blah.../nautilus and then ask it to get a password from my keyring.    This dialog would then pop up on my screen and because I've gotten used to seeing this dialog when nautilus legitemately needs the password, I would likely click "allow".
Comment 1 Colin Macdonald 2006-10-01 16:32:24 UTC
Created attachment 98566 [details]
nautilus-keyring.png
Comment 2 Daniel Gryniewicz (RETIRED) gentoo-dev 2006-11-15 08:52:57 UTC
I just tested this, and it said "/usr/bin/nautilus".  I have 2.16.1.  Can you re-test with 2.16.1?
Comment 3 Colin Macdonald 2006-11-17 00:48:07 UTC
Indeed it seems fixed (I'm having some trouble getting nautilus to forget the passwords long enough to reproduce that dialog but other similar dialogs don't have /var/tmp in them).  Closing fixed, I'll reopen if I ever see it again.