[Bug 377652] New: permission request confusing and insecure
https://bugzilla.novell.com/show_bug.cgi?id=377652 Summary: permission request confusing and insecure Product: openSUSE 11.0 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: sreeves@novell.com QAContact: qa@suse.de Found By: --- On my factory box (update ~ 4/2/2008 ) I ran a "git pull" command, it was slow waiting for the remote server so I switched to another task. I then pulled up my browser and as the multiple tabs were loading got this popup - "An application wants access to the private key id_rsa ..." I spent a couple minutes switching through the various tabs wondering which one and why it was requesting access to the private key. I finally denied it feeling slightly worried about what was going on. Only later when I switched back to the "git pull" did I remember... The popup needs to list what application is requesting access. It does not seem like a good idea to get users used to accepting random popups that just say "something somewhere wants access ..." -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=377652 User sreeves@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=377652#c1 --- Comment #1 from Scott Reeves <sreeves@novell.com> 2008-04-07 09:37:35 MST --- Created an attachment (id=206515) --> (https://bugzilla.novell.com/attachment.cgi?id=206515) popup -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=377652 User sreeves@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=377652#c2 --- Comment #2 from Scott Reeves <sreeves@novell.com> 2008-04-07 09:49:28 MST --- I am running PolicyKit-0.7-28 PolicyKit-gnome-0.7-41 gnome-desktop-2.22.0-7 gnome-keyring-2.22.0-7 gnome-session-2.22.0-10 libgnomesu-1.0.0-228 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=377652 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=377652#c3 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |sreeves@novell.com --- Comment #3 from Ludwig Nussel <lnussel@novell.com> 2008-04-08 02:06:24 MST --- What application is that? ssh? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=377652 User sreeves@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=377652#c4 Scott Reeves <sreeves@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|sreeves@novell.com | --- Comment #4 from Scott Reeves <sreeves@novell.com> 2008-04-08 08:57:09 MST --- Yes, the git repo was cloned via "git clone git+ssh://<user>@<server" -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=377652 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=377652#c5 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de AssignedTo|security-team@suse.de |bnc-team-gnome@forge.provo.novell.com --- Comment #5 from Ludwig Nussel <lnussel@novell.com> 2008-04-08 09:17:41 MST --- The dialog in your screenshot doesn't look the one from ssh-askpass though. Maybe gnome uses some custom replacement. Reassigning to the gnome maintainers. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=377652 User jpr@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=377652#c6 JP Rosevear <jpr@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-gnome@forge.provo.novell.com |hpj@novell.com --- Comment #6 from JP Rosevear <jpr@novell.com> 2008-04-11 01:33:52 MST --- Seahorse i guess. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=377652 User hpj@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=377652#c7 Hans Petter Jansson <hpj@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #7 from Hans Petter Jansson <hpj@novell.com> 2008-04-16 21:57:06 MST --- Yeah, Seahorse. I agree, I'll see if we can get the app name in there. I hope it's available to Seahorse. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=377652 JP Rosevear <jpr@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com