[Bug 1023433] Re: UncryptedFileKeyring creates ~/keyring_pass.cfg world readable, ignores keyring-path

Marc Deslauriers marc.deslauriers at canonical.com
Fri Nov 30 14:03:25 UTC 2012 

http://www.ubuntu.com/usn/usn-1634-1/ updated python-keyring to a newer
version, which now stores keyrings in a sane location, with secure
permissions. Could you see if it solves the problems you were having?

** Changed in: python-keyring (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1023433

Title:
  UncryptedFileKeyring creates ~/keyring_pass.cfg world readable,
  ignores keyring-path

Status in “python-keyring” package in Ubuntu:
  Incomplete

Bug description:
  I'm using the following config:
  [backend]
  default-keyring=keyring.backend.UncryptedFileKeyring
  keyring-path=/home/ubuntu/xxx

  After using an application (python-novaclient) that uses python-
  keyring, I have a new file in ~/ named 'keyring_pass.cfg'

  $ ls -altr ~/keyring_pass.cfg 
  -rw-r--r-- 1 ubuntu ubuntu 235 Jul 11 14:24 /home/ubuntu/keyring_pass.cfg

  There are 2 bugs there
  a.) keyring-path is entirely ignored.
  b.) keyring_pass.cfg is created with world readable permissions.

  This is easily worked around by first creating the file with lower permissions.  Ie:
     ( umask 066 && : > ~/keyring_pass.cfg )

  I realize that UncryptedFileKeyring is really not intended to be used
  for anything significant, but that doesn't mean it should store world
  readable sensitive data by default.

  Also, I expected that keyring-path would affect which file was written
  to.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: python-keyring 0.7.1-1fakesync1 [modified: usr/share/pyshared/keyring/core.py]
  ProcVersionSignature: User Name 3.2.0-25.40-virtual 3.2.18
  Uname: Linux 3.2.0-25-virtual x86_64
  ApportVersion: 2.0.1-0ubuntu8
  Architecture: amd64
  Date: Wed Jul 11 14:18:38 2012
  PackageArchitecture: all
  ProcEnviron:
   TERM=screen
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: python-keyring
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1023433/+subscriptions

More information about the foundations-bugs mailing list