Xfce Forum

Sub domains
 

You are not logged in.

#1 2013-09-26 09:12:20

lw1471
Member
Registered: 2013-09-11
Posts: 10

Default.keyring too easily accessible?

I don't know if this is part of Xfce or distro-specific, or a general Linux file, but I am a bit concerned that /home/username/.local/share/keyrings/Default.keyring has some pretty sensitive data in, in plain view, seeming at odds with the general view of Linux security. It would be of use admittedly only to a rare Linux-literate thief but it still bugs me. Have I missed something? Could/shouldn't this file be locked/encrypted so it can't just be opened, even from a live CD etc? What can be done? Encrypting a whole /home folder seems extreme and like it would be a hassle. (Would it remain encrypted to someone with a live CD?)

Currently trying Xubuntu 13..04 64 bit.

Last edited by lw1471 (2013-09-26 16:15:05)

Offline

#2 2013-09-29 04:58:20

Jristz
Member
From: Sud-America
Registered: 2011-06-02
Posts: 111

Re: Default.keyring too easily accessible?

aparenytly this is from libgnome-keyring
that is the problem Gnome, if I not instal it none is stored here


XFCE :: Arch Linux
:: AMD E-300 APU with Radeon(tm) HD Graphics @ 1300 MHz
:: Advanced Micro Devices, Inc. [AMD/ATI] Wrestler [Radeon HD 6310]
:: LED with aspect ration of 16:9 in 14.0'' (1366x768) [Radeon driver]

Offline

#3 2013-09-29 10:12:01

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 10,949

Re: Default.keyring too easily accessible?

In Xubuntu 13.10 (beta 2), I don't have a Default.keyring file.

toz@xubuntu1310:~/.local/share/keyrings$ ls
login.keyring  user.keystore

Both of those files appear to be encrypted.


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#4 2013-09-30 10:47:05

lw1471
Member
Registered: 2013-09-11
Posts: 10

Re: Default.keyring too easily accessible?

Yes some people in another forum also say the same thing. I wonder why the file is not encrypted on my machines. I'm going to try to uninstall libgnome-keyring but Chromium seems to gripe (where Firefox doesn't) if Default.keyring is simply deleted. Presumably Chromium can store passwords within its own configuration and / files.

Actually I've looked now and it looks like too much other stuff will be taken with the gnome-keyring items including Banshee and Chromium. I'll see what 13.10 is like otherwise I'm going to move to another Xfce distro.

Offline

Board footer

Powered by FluxBB