I am using Ubuntu Desktop for quite a some time now as my main OS. Now I don’t know under which category this topic falls, hence in support and help.
I want to provide a feedback about Authentication Required Pop-Up and it can be a serious security concern.
Issue is recently on my system I have been seeing this popup multiple times as I keep my keyring locked by default. But what’s annoying is I don’t get to know which application is requesting access to keyring and triggering it as I have multiple services and startup applications.
Just like Administrator Access popup in windows have application name requesting it, Ubuntu developers should consider adding the name of the application which is triggering this popup in the popup for user to know, to which program we are giving access to keyring. This can be very helpful in the case some malicious program is trying to access the keys stored in keyring.
1 Like
You should be able to determine the offending application fairly easily from your logs.
I’m not sure I see the serious security concern. Consider editing your post to explain.
FYI: Real “feedback” should be in the form of a bug report, as that is how issues and suggestions are triaged and tracked. Ubuntu Discourse is not the bug tracker – we can talk about it, but it might not travel to the developers’ list of TODOs.
3 Likes
When I have seen that message it’s because my WiFi needed permission to access the internet right after booting because I use to have my system set to login without me needing to enter the password which does no good because you still have to enter it to connect to the internet, I agree with Ian I do not necessarily see this as a security concern.
@ian-weisser Well, don’t you think adding a name upfront in the dialogue is much more user-friendly than checking logs?
@Wild_Man @ian-weisser It is not a security concern for those who are experts and know what is happening under the hood or why it popped up. For example you know that you need to enter password to get connected, I didn’t know that till now. Think about people who are not technical or simply uses Ubuntu for their day to day needs.
@ian-weisser Sure I can submit a feedback there, can you give me the link of official bugtracker, where desktop related feedbacks can be submitted?
I am not an expert I am just an ordinary user like you I have just been using Ubuntu longer and I was just sharing my personal experience, so I always think about people that are not experts.
Not sure I can be of so much help but hopefully this will lead you in the right direction.
Run this command in a terminal after dismissing or entering your password in the pop-up:
journalctl --since "5 minutes ago" | grep -i keyring
Look for logs related to gnome-keyring-daemon or applications attempting access.
To report an issue or request an improvement, go here:
https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues
Curious: Why do you keep your keyring locked by default?
That’s not how Ubuntu is designed to be used.
What kind of security threat are you concerned about?
No, I do not: It’s not user-friendly to throw irrelevant and possibly misleading information at a user.
Most commonly, new users see that dialog when they change their login password without also changing the keyring password. For them, the name of the requesting application is misleading, irrelevant to the solution.
That’s only the most common possibility. There are many others for more advanced users. Some involve knowing the name of the application, some do not.
The dialog did its job: It sent you to support, where humans can help you untangle whatever complex problem you might have.