Package: gcr Version: 3.41.1-1 Severity: important It looks like some secrets are leaking from the gcr program into my system logs. I see this when GnuPG triggers a password prompt:
sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: received BeginPrompting call from callback /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: preparing a prompt for callback /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: creating new GcrPromptDialog prompt sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: automatically selecting secret exchange protocol sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: generating public key sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: beginning the secret exchange: [sx-aes-1]\npublic=[REDACTED]\n sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: closing the prompt sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p0@:1.40 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: calling the PromptDone method on /org/gnome/keyring/Prompt/p0@:1.40, and ignoring reply sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: received BeginPrompting call from callback /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: preparing a prompt for callback /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: creating new GcrPromptDialog prompt sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: automatically selecting secret exchange protocol sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: generating public key sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: beginning the secret exchange: [sx-aes-1]\npublic=[REDACTED]\n sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: receiving secret exchange: [sx-aes-1]\npublic=[REDACTED]\n sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: deriving shared transport key sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: deriving transport key sep 01 13:45:47 emma gcr-prompter[7681]: Gcr: starting password prompt for callback /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: completed password prompt for callback :1.42@/org/gnome/keyring/Prompt/p1 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: encrypting data sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: sending the secret exchange: [sx-aes-1]\npublic=[REDACTED]\n sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: closing the prompt sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p1@:1.42 sep 01 13:45:49 emma gcr-prompter[7681]: Gcr: calling the PromptDone method on /org/gnome/keyring/Prompt/p1@:1.42, and ignoring reply sep 01 13:45:59 emma gcr-prompter[7681]: Gcr: 10 second inactivity timeout, quitting sep 01 13:45:59 emma gcr-prompter[7681]: Gcr: unregistering prompter sep 01 13:45:59 emma gcr-prompter[7681]: Gcr: disposing prompter sep 01 13:45:59 emma gcr-prompter[7681]: Gcr: finalizing prompter The bits marked [REDACTED] actually contains what looks like some sort of secret key. I am not familiar with how this program works, but this looks like a bad idea to write that in logs. I'm using a weird desktop here: i3wm started from systemd, with *some* GNOME bits (e.g. network-manager and nm-applet, for example). -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.18.0-4-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gcr depends on: ii dbus-user-session [default-dbus-session-bus] 1.14.0-2 ii dbus-x11 [dbus-session-bus] 1.14.0-2 ii dconf-gsettings-backend [gsettings-backend] 0.40.0-3 ii init-system-helpers 1.64 ii libc6 2.34-4 ii libgck-1-0 3.41.1-1 ii libgcr-base-3-1 3.41.1-1 ii libgcr-ui-3-1 3.41.1-1 ii libglib2.0-0 2.72.3-1+b1 ii libgtk-3-0 3.24.34-3 ii libsecret-1-0 0.20.5-2 ii libsystemd0 251.3-1 gcr recommends no packages. gcr suggests no packages. -- no debconf information
