gnome-keyring 40.0-3 source package in Debian

Changelog

gnome-keyring (40.0-3) unstable; urgency=medium

  * Team upload
  * Don't add CAP_IPC_LOCK capability to gnome-keyring-daemon.
    GNOME Keyring uses "memory locking" to prevent memory buffers from being
    written out to swap, in an attempt to prevent passwords and other secrets
    from being written to disk unencrypted. Since Linux 2.6.9 (Debian 4.0,
    2007) it has been possible to lock memory up to the limit defined by
    RLIMIT_MEMLOCK without requiring the CAP_IPC_LOCK capability.
    Since GLib 2.70, security hardening in GLib means that this capability
    interferes with the ability to connect to the D-Bus session bus, which
    is required functionality for gnome-keyring.
    RLIMIT_MEMLOCK defaults to 64 KiB, although it is considerably higher on
    typical Debian systems due to #976373. If memory locking for larger
    quantities of secret data is required, please configure a higher
    RLIMIT_MEMLOCK in /etc/security/limits.conf.
    Using encrypted swap, with an ephemeral key if suspend-to-disk is not
    required, is recommended as a more robust way to prevent passwords
    from reaching disk. Full-disk encryption is also recommended for
    systems where confidentiality is important.
    (Closes: #994961)
  * Don't build with capabilities support on Linux architectures.
    Now that we are not setting CAP_IPC_LOCK, this is not useful, and
    disabling it silences some misleading warnings. gnome-keyring will still
    log a warning if it cannot allocate enough locked memory for its needs.
  * Add proposed patches to avoid unnecessary use of unlocked memory.
    Older versions of gnome-keyring did not always prevent larger items of
    secret data from being swapped out, even if they could, due to a logic
    error when allocating new blocks of locked memory.

 -- Simon McVittie <email address hidden>  Sun, 26 Sep 2021 17:28:50 +0100
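The point made in the changelog above, that memory can be locked up to RLIMIT_MEMLOCK without CAP_IPC_LOCK and that a failed lock should produce a warning rather than an abort, as an added C example. This is not gnome-keyring's or Debian's code; `secret_block`, `page_round`, `fits_limit`, `secret_alloc` and `secret_free` are hypothetical names, and `fits_limit` is a simplified model of the kernel's page-based accounting for a process without the capability.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

struct secret_block { void *ptr; size_t len; int locked; };

/* mlock() is accounted in whole pages, so round the request up. */
static size_t page_round(size_t len, size_t page) {
    return (len + page - 1) / page * page;
}

/* Unprivileged case (no CAP_IPC_LOCK): do `len` more bytes fit under the
 * soft limit `lim` when `used` bytes (a page multiple) are already locked? */
static int fits_limit(size_t len, size_t used, rlim_t lim, size_t page) {
    if (lim == RLIM_INFINITY) return 1;
    return used <= lim && page_round(len, page) <= lim - used;
}

/* Allocate a secret buffer and try to lock it; on failure warn and carry on unlocked. */
static int secret_alloc(struct secret_block *b, size_t len) {
    b->len = page_round(len, (size_t)sysconf(_SC_PAGESIZE));
    b->locked = 0;
    b->ptr = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->ptr == MAP_FAILED) { b->ptr = NULL; return -1; }
    if (mlock(b->ptr, b->len) == 0) b->locked = 1;
    else fprintf(stderr, "warning: cannot lock %zu bytes: %s\n", b->len, strerror(errno));
    return 0;
}

/* Wipe the secret before unmapping; munmap() also drops the lock. */
static int secret_free(struct secret_block *b) {
    volatile unsigned char *p = b->ptr;
    for (size_t i = 0; i < b->len; i++) p[i] = 0;
    int rc = munmap(b->ptr, b->len);
    b->ptr = NULL;
    return rc;
}

int main(void) {
    struct rlimit rl; struct secret_block b;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0 || secret_alloc(&b, 16384) != 0) return 1;
    printf("soft limit %llu, fits=%d, locked=%d\n", (unsigned long long)rl.rlim_cur,
           fits_limit(16384, 0, rl.rlim_cur, (size_t)sysconf(_SC_PAGESIZE)), b.locked);
    return secret_free(&b);
}
```

Run it under `ulimit -l 0` and again with the default limit to see the fallback warning and the locked case respectively.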

Upload details

Uploaded by: Debian GNOME Maintainers
Uploaded to: Sid
Original maintainer: Debian GNOME Maintainers
Architectures: any
Section: gnome
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
gnome-keyring_40.0-3.dsc 2.6 KiB 2c1e453c81e1260045ebc0dbf17ff4ab5eca8fd4553dafc56bb966a227959512
gnome-keyring_40.0.orig.tar.xz 1.3 MiB a3d24db08ee2fdf240fbbf0971a98c8ee295aa0e1a774537f4ea938038a3b931
gnome-keyring_40.0-3.debian.tar.xz 20.8 KiB fe6f78e4ccf7d7f199aca270428a429c08415cb3e9440d8b86262aed5d8d6df9

No changes file available.
