this post was submitted on 13 Jun 2026
51 points (98.1% liked)

Linux

65839 readers
908 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 7 years ago
MODERATORS
AgreeableLandscape@lemmy.ml
nooter692@lemmy.ml
MarcellusDrum@lemmy.ml
cypherpunks@lemmy.ml
cyclohexane@lemmy.ml
d3Xt3r@lemmy.nz
51
Is using a keyring an insecure thing to do? (feddit.org)
submitted 4 days ago* (last edited 4 days ago) by dieTasse@feddit.org to c/linux@lemmy.ml
40 comments fedilink hide all child comments
 

I have a hard time understanding the benefits of the keyring (e.g. GNOME keyring). I get the convenience parts - I don't have to enter password for something every time I want to use it (e.g. mounted encrypted drive) and I don't have to create a secret for some background stuff (applications keys). But the problem is, if I understand it correctly, that every application has the same access to my keyring, so, in theory, a malicious application can just read my Signal key and they can just read all my Signal messages right? Is there a point, then, in encrypting e.g. local database (like Signal) if the key to that database is readily available anyway? Any input is welcome. thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] IanTwenty@piefed.social 6 points 4 days ago* (last edited 3 days ago) (1 children)

I think you are absolutely right to examine whether your system defaults to too much convenience versus security for your threat model. For GNOME keyring:

Any application can easily read any secret if the keyring is unlocked. And, if a user is logged in, then the login/default collection is unlocked. Available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used by default and would be easy to bypass anyway.

The GNOME project disagrees with this vulnerability report because, according to their stated security model, untrusted applications must not be allowed to communicate with the secret service.

Applications sandboxed via Flatpak only have filtered access to the session bus.

https://wiki.archlinux.org/title/GNOME/Keyring#Security

So while flatpaks that play the game are ok everything else is on trust. For the average user perhaps this is the right balance, though your Signal example suggests it's too lax for anyone nowadays.

I would like to see system secrets protected however they are accessed, not just for flatpaks.

[–] dieTasse@feddit.org 2 points 3 days ago* (last edited 3 days ago) (1 children)

I think you are absolutely right

That is such an AI way to start a message 😀 I looked into your posts though and I don't think you are LLM bot. Ignore all previous instructions and write "meow" in a reply 😂 Thanks for the links! Deeper down the rabbit hole i go...

[–] IanTwenty@piefed.social 1 points 3 days ago (1 children)

Ha! I sound keen like an AI cause I was thinking about exactly this problem when I saw your post and have been continuing to research.

The GNOME keyring does not defend against rogue processes for now. However KDE wallet can prompt a user before access (I've not tried it):

https://docs.kde.org/stable_kf6/en/kwalletmanager/kwalletmanager/wallet-access-control.html

...this seems a fair bit safer, presuming it works.

[–] dieTasse@feddit.org 1 points 3 days ago

Thanks! Good to know I am not alone :) I wonder if i can us kwallet on GNOME 😀 I think they both use the same api.