Package: gnome-keyring Version: 2.22.0-2 Severity: important Steps to reproduce: # ssh-add -l 1024 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX # ssh-add -D All identities removed. # ssh-add -l 1024 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
I am still able to log in with this key afterwards. This is a security issue since gnome-keyring-daemon seems to have transparently taken over ssh-agent. One might think he's key is unloaded after a ssh-add -D while it's not. I cannot even find a way to remove the key in gnome-keyring-manager GUI. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages gnome-keyring depends on: ii gconf2 2.22.0-1 GNOME configuration database syste ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit ii libc6 2.7-9 GNU C Library: Shared libraries ii libcairo2 1.4.14-1 The Cairo 2D vector graphics libra ii libdbus-1-3 1.1.20-1 simple interprocess messaging syst ii libgconf2-4 2.22.0-1 GNOME configuration database syste ii libgcrypt11 1.4.0-3 LGPL Crypto library - runtime libr ii libglib2.0-0 2.16.1-2 The GLib library of C routines ii libgtk2.0-0 2.12.9-2 The GTK+ graphical user interface ii libhal-storage1 0.5.11~rc2-1 Hardware Abstraction Layer - share ii libhal1 0.5.11~rc2-1 Hardware Abstraction Layer - share ii libpango1.0-0 1.20.0-1 Layout and rendering of internatio ii libtasn1-3 1.3-1 Manage ASN.1 structures (runtime) Versions of packages gnome-keyring recommends: ii libpam-gnome-keyring 2.22.0-2 PAM module to unlock the GNOME key -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
