Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 11 Oct 2024 06:53:57 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 282005] security/gnome-keyring - the race between pam.xdg.so prevents it from loading keys on login
Message-ID:  <bug-282005-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282005

            Bug ID: 282005
           Summary: security/gnome-keyring - the race between pam.xdg.so
                    prevents it from loading keys on login
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: zarychtam@plan-b.pwste.edu.pl

After introducing pam_xdg.so some things got broken, it's for example,
pam_gnome_keyring, more breakages could be spotted*. After investigating the
logs, it became obvious that some kind of race between pam_xdg and
pam_gnome_keyring occurs on login:

Oct 11 08:38:45 fomalhaut gnome-keyring-daemon[4974]: couldn't access contr=
ol
socket: /var/run/user/1001/keyring/control: No such file or directory

On this machine x11/slim is used as the login manager. The configuration of
pam(3) is provided below.

# cat /usr/local/etc/pam.d/slim
auth            include         system
auth            optional        /usr/local/lib/pam_gnome_keyring.so
account         include         system
session         include         system
session         optional        /usr/local/lib/pam_gnome_keyring.so auto_st=
art
password        include         system
# cat /etc/pam.d/system=20
#
#
# System-wide defaults
#

# auth
#auth           sufficient      pam_krb5.so             no_warn try_first_p=
ass
#auth           sufficient      pam_ssh.so              no_warn try_first_p=
ass
auth            required        pam_unix.so             no_warn try_first_p=
ass
nullok

# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so              want_agent
session         required        pam_lastlog.so          no_fail
session         required        pam_xdg.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_p=
ass
password        required        pam_unix.so             no_warn try_first_p=
ass


* - at a glance another victim is PulseAudio:
pulseaudio[4747]: [] core-util.c: Failed to create secure directory
(/var/run/user/1001/pulse): No such file or directory

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-282005-227>