[Bug 977941] New: deleting stored passwords without warning
http://bugzilla.opensuse.org/show_bug.cgi?id=977941

Bug ID: 977941
Summary: deleting stored passwords without warning
Classification: openSUSE
Product: openSUSE Distribution
Version: 13.2
Hardware: PC
OS: openSUSE 13.2
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Other
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: Nick_Levinson@yahoo.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Updates that delete stored passwords should require a user's prior approval specifically about password deletion. Several times I found out about the deletion only after the updating was finished, and then only because I go to the extra step of clicking to open and read every link in the before and after dialogs, and this deletion is reported only in the after dialog, when the damage is already irreversibly done. This doesn't affect me because I don't store passwords that way, but, unless your process checks whether a user stores passwords and puts up an actionable alert before updating (and I doubt it can usefully check without checking all user accounts including root, thereby revealing to a nonroot user one of root's secrets, so the process probably does not check at all), it probably adversely affects almost all users who do store passwords that way. Therefore, for their sake, please post an alert giving a user a pre-updating option about whether to delete the old passwords. Even that could be problematic, because updating can be initiated by a nonroot user and that user would be making a choice on behalf of root and on behalf of users who are supposed to be unknown to the given user. Better yet, automatically and silently transfer all accounts' old passwords into the post-update software, so permission becomes unnecessary.

-- You are receiving this mail because: You are on the CC list for the bug.
--- Comment #1 from Stephan Kulow
--- Comment #2 from Andreas Stieger
--- Comment #3 from Nick Levinson
--- Comment #4 from Andreas Stieger
This update to Chromium 48.0.2564.109 fixes the following issues: [...] Security fixes (boo#965999): [...] Non-security bug fixes: [...] - On KDE 5 kwallet5 is the default password store now
( https://build.opensuse.org/patchinfo/show/openSUSE:Maintenance:4656/patchinf... )

Maintenance will, as we did in this case, continue to outline significant changes that the user should be aware of. If these are overlooked, as they apparently were in this case, there is nothing we can do. Adding a specific warning for any unspecified change in behavior that a user may regard as a regression is out of scope.
--- Comment #5 from Nick Levinson
--- Comment #6 from Andreas Stieger
--- Comment #7 from Nick Levinson
--- Comment #8 from Andreas Stieger
--- Comment #9 from Nick Levinson
--- Comment #10 from Nick Levinson
--- Comment #11 from Andreas Stieger
> This confirms the original bug report and the steps to reproduce. It shows that the deletion of passwords is still continuing despite the above discussion. It is not a one-time event.

Unfortunately this again is a misunderstanding on your part. What is shown is simply the description of the package chromium-desktop-gnome, as can be shown using zypper info:

"By using the openSUSE update-alternatives the password store for Chromium is changed to utilize Gnome's Keyring. Please be aware that by this change the old password are no longer accessible and are also not converted to Gnome's Keyring."

The description for chromium-desktop-kde is similar and relates to KWallet. This is not related to maintenance updates at all, but to the fact that using Chromium's own password store and using the Keyring/KWallet implementations does not have a migration path if a user chooses to use either of the two desktop integrations offered. The user is still free to not use either desktop integration, or to start using one at any point, hence the package description. I am not aware of an update that forces this migration. Your conclusion that an update would delete passwords is incorrect. It seems to be mainly based on a misreading of a package description in relation to recently installed updates, which is simply not correct. If you are basing your concern solely on what you show in the screenshots, I am afraid your report is invalid.
--- Comment #12 from Nick Levinson
--- Comment #13 from Nick Levinson
--- Comment #14 from Raymond Wooninck
--- Comment #15 from Nick Levinson
--- Comment #16 from Andreas Stieger
--- Comment #17 from Raymond Wooninck
> I personally don't store passwords that way, so I can't test for consequences of sync'ing etc., but, from what you're saying, it sounds like loss could occur again. In that case, when that would happen in a particular

It would be quite hard to determine when that happens. This could actually already have happened and the separate chromium-desktop-xxx files no longer function the way that we all believe they do. These are technical changes within the Chrome/Chromium core and the upstream developers are not really indicating what actually changes under the hood.

> update, the update should be preceded by a request for the user's permission with an explanation of imminent password loss and a suggestion to

See above. If we do not know if it changes, we can not do anything. If you want to make sure that Chromium keeps behaving the way it is now, then I guess locking the package within YaST/zypp would be the best solution for you.

> synchronize immediately, and even that wouldn't work for someone who doesn't have a device or service to sync into; and if a nonroot user can sync root's passwords or other users' passwords to other devices or services that looks like a large security gap. I'm not questioning the preference for

Euh, it seems I either explained it wrongly or you completely misunderstood me. Google offers synchronization between devices for Chromium (bookmarks, passwords, etc.). This is synchronized through your own Google account. This way you can still sync even if you have only one device. But this is only related to passwords that you are storing inside Chromium. If this bug is actually about losing passwords for Unix users (so outside of Chromium), then Chromium has nothing to do with this. Chromium can not access /etc/passwd and then start reading all the passwords. So I am wondering if you are not confused about where Chromium actually stores the passwords that a user is using when accessing a website.
--- Comment #18 from Nick Levinson
--- Comment #19 from Nick Levinson
--- Comment #20 from Nick Levinson
--- Comment #21 from Raymond Wooninck
> It turns out that passwords stored in Chromium before the implementation of KWallet/Keyring storage can still be recovered and migration is also available. For a how-to, see https://bugs.chromium.org/p/chromium/issues/detail?id=620360#c3.
>
> That makes the software description even more wrong than was evident earlier. I am now trying to find out which organization is responsible for the editing/correcting of that description, so an editorial request can be made in the proper venue and carried out.

Wow, it seems as if you are aiming to file a court case against that organization. Please read the description of the packages again and tell me what is wrong with it. The description indicates: "Please be aware that by this change the old password are no longer accessible and are also not converted". And what is wrong with that indication? KWallet can not access the GNOME Keyring, nor can it access the plain Chromium files, and vice versa. So indeed, by switching the password backend one can not retrieve the old passwords easily (unless one has synchronization active; then it is done automatically). Also the indication "are not converted" is technically correct. Upon change there is no process started that converts your passwords from one backend to the next, unless, as stated before, synchronization is active. Also your bug report with Google delivered the same information. It was never indicated that passwords would be deleted from the old password store. One can not assume that every Chromium user has synchronization active, so the above is a correct statement. But after all it is merely a short description of the contents of the package, not a legal statement.
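The disagreement in comment #11 and comment #21 above comes down to what actually happens to the rows in Chromium's own "Login Data" store when the password backend is switched: whether they are deleted, or merely left in a form the new backend cannot read. The script below is an added example written for this thread; it is not code from openSUSE, from Chromium, or from any participant. It copies the SQLite file (a running Chromium holds it open), reads the logins table, and counts saved credentials by the prefix Chromium's OS-crypt layer writes on Linux, b"v10" for the built-in basic store and b"v11" for a key obtained from GNOME Keyring or KWallet. Seeing v10 rows still present after the switch to a desktop integration is exactly the "not deleted, just not accessible from the new backend" situation described in comment #21. The profile path, the meaning of the two prefixes, and the reduced three-column logins schema are assumptions not stated in the thread; the sample database is constructed inline so the script runs offline.

```python
"""Inventory a Chromium "Login Data" SQLite store and classify each saved
credential by the OS-crypt backend that encrypted it.

Added example for this bug thread; not openSUSE or Chromium code.
Assumptions (not stated in the thread): the default profile path below,
and that Chromium on Linux prefixes password_value with b"v10" when it
used the built-in "basic" store and b"v11" when the key came from GNOME
Keyring / KWallet. Rows are only read, never modified.
"""
import os
import shutil
import sqlite3
import tempfile
from collections import Counter

# Assumed default profile location; pass another path on the command line.
DEFAULT_LOGIN_DATA = os.path.expanduser("~/.config/chromium/Default/Login Data")

BASIC = "basic (built-in key, readable without a keyring)"
KEYRING = "keyring/kwallet (needs the desktop keyring that holds the key)"

PREFIX_TO_BACKEND = {
    b"v10": BASIC,
    b"v11": KEYRING,
}


def classify(password_value):
    """Map a raw password_value blob to the backend that can decrypt it."""
    if not password_value:
        return "empty"
    for prefix, backend in PREFIX_TO_BACKEND.items():
        if password_value.startswith(prefix):
            return backend
    return "unknown"


def inventory(db_path):
    """Return {backend: count, "total": n} for the logins table at db_path."""
    with tempfile.TemporaryDirectory() as tmp:
        # Work on a snapshot: Chromium keeps the live file locked.
        snapshot = os.path.join(tmp, "Login Data")
        shutil.copyfile(db_path, snapshot)
        conn = sqlite3.connect(snapshot)
        try:
            rows = conn.execute(
                "SELECT origin_url, username_value, password_value FROM logins"
            ).fetchall()
        finally:
            conn.close()
    result = dict(Counter(classify(pw) for _, _, pw in rows))
    result["total"] = len(rows)
    return result


def make_sample_db(path):
    """Constructed sample: a minimal logins table with rows from both backends.

    The ciphertext bytes are placeholders, not real encrypted passwords.
    """
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE logins (origin_url TEXT, username_value TEXT, password_value BLOB)"
    )
    conn.executemany(
        "INSERT INTO logins VALUES (?, ?, ?)",
        [
            ("https://example.org/", "alice", b"v10" + b"\x00" * 16),
            ("https://example.net/", "bob", b"v10" + b"\x01" * 16),
            ("https://example.com/", "carol", b"v11" + b"\x02" * 16),
        ],
    )
    conn.commit()
    conn.close()


def demo_inventory():
    """Build the constructed sample in a temp dir and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Login Data")
        make_sample_db(path)
        return inventory(path)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_LOGIN_DATA
    counts = inventory(target) if os.path.exists(target) else demo_inventory()
    for backend, n in sorted(counts.items()):
        print(f"{n:4d}  {backend}")
```

Run it against a real profile with the path as the only argument, ideally on a copy taken while Chromium is closed. A mix of v10 and v11 rows after switching to chromium-desktop-kde or chromium-desktop-gnome means the old entries survived the switch and can be recovered by running Chromium again with the basic store (for example via the how-to linked in comment #21), which is the check the reporter wanted before concluding that an update had deleted anything.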
--- Comment #22 from Nick Levinson
--- Comment #23 from Raymond Wooninck
--- Comment #24 from Nick Levinson
--- Comment #25 from Nick Levinson
--- Comment #26 from Nick Levinson
--- Comment #27 from Nick Levinson