gpg-agent still running after session logout

Bug #1274643 reported by Thaddaeus Tintenfisch
This bug affects 5 people
Affects                  Status     Importance  Assigned to  Milestone
Xfce4 Session            Invalid    Medium
xfce4-session (Ubuntu)   Confirmed  Undecided   Unassigned

Bug Description

gpg-agent keeps running after session logout if the user chose to not launch GNOME services on session startup (Settings Manager > Session and Startup > Advanced).

thad@local:~$ loginctl list-sessions
   SESSION UID USER SEAT
       c17 1001 bob seat0
       c19 1000 thad seat0

2 sessions listed.

thad@local:~$ ps -u bob
  PID TTY TIME CMD
16903 ? 00:00:00 gpg-agent

thad@local:~$ ps aux | grep bob
bob 16903 0.0 0.0 6464 332 ? Ss 17:10 0:00 /usr/bin/gpg-agent --sh --daemon --write-env-file /home/bob/.cache/gpg-agent-info

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: xfce4-session 4.10.1-3ubuntu3
ProcVersionSignature: Ubuntu 3.13.0-5.20-generic 3.13.0
Uname: Linux 3.13.0-5-generic i686
NonfreeKernelModules: fglrx
ApportVersion: 2.13.2-0ubuntu2
Architecture: i386
CurrentDesktop: XFCE
Date: Thu Jan 30 19:05:09 2014
InstallationDate: Installed on 2013-09-21 (131 days ago)
InstallationMedia: Xubuntu 13.10 "Saucy Salamander" - Alpha i386 (20130920)
SourcePackage: xfce4-session
UpgradeStatus: Upgraded to trusty on 2013-11-08 (83 days ago)
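
The manual loginctl/ps check from the description, turned into a repeatable audit. This is an added example, not part of the original report or of xfce4-session. The function names and the session states in the sample are assumptions; states come from logind's State property, since a logged-out session can stay listed while its processes survive.

```shell
#!/bin/sh
# Added example: report key agents whose owner has no live login session.

# Constructed sample input, modelled on the listing in the report.
# Session lines are "ID UID STATE"; the STATE values are assumed here.
SAMPLE_SESSIONS='c17 1001 closing
c19 1000 active'
# Process lines are "UID PID COMM", as printed by: ps -eo uid=,pid=,comm=
SAMPLE_PS='1000 2101 xfce4-session
1000 2140 gpg-agent
1001 16903 gpg-agent'

# lingering_agents SESSIONS PS
# Prints "UID PID COMM" for every gpg-agent or ssh-agent whose UID has no
# session in state "active" or "online". A session that logind still lists
# as "closing" does not count as live.
lingering_agents() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { in_ps = 1; next }
        !in_ps { if ($3 == "active" || $3 == "online") live[$2] = 1; next }
        ($3 == "gpg-agent" || $3 == "ssh-agent") && !($1 in live) {
            print $1, $2, $3
        }'
}

# live_sessions: build the SESSIONS input on a systemd host (needs loginctl).
live_sessions() {
    loginctl list-sessions --no-legend | while read -r id uid _rest; do
        state=$(loginctl show-session "$id" -p State --value 2>/dev/null)
        printf '%s %s %s\n' "$id" "$uid" "$state"
    done
}

# Run on the sample; on a real host use:
#   lingering_agents "$(live_sessions)" "$(ps -eo uid=,pid=,comm=)"
lingering_agents "$SAMPLE_SESSIONS" "$SAMPLE_PS"
```

An agent reported here still holds whatever key material it had cached when its owner logged out, so the output is a list of processes to terminate or investigate.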

Thaddaeus Tintenfisch (thad-fisch-deactivatedaccount) wrote :
description: updated
no longer affects: gnupg (Ubuntu)

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in xfce4-session (Ubuntu):
status: New → Confirmed

gweg (gweg) wrote :

Between xfce4-session 4.8.3 and 4.10.1 the logic wrt ssh-agent and gpg-agent was moved from a shell script in /etc/xdg/xfce4/xinitrc to xfce4-session-4.10.1/xfce4-session/xfsm-startup.c

I see this issue in debian jessie.

Looking at xfsm-startup.c there is a logic error when there is a pre-existing ssh-agent so gpg-agent is started without ssh-agent support and without an SSH_AGENT_PID environment variable. On shutdown, the SSH_AGENT_PID environment variable does not contain the PID of the gpg-agent, so the gpg-agent is not killed.

I see an up-stream change which probably fixes this. If I get time, I will try and test this fix in debian jessie.

http://git.xfce.org/xfce/xfce4-session/commit/xfce4-session/xfsm-startup.c?id=7892794fbf029a3b15d9e1320cf701bf0d31fd83

gweg (gweg) wrote :

Rebuilt the package (for testing on debian jessie) with the newer version of xfsm-startup.c (see upstream link above).
The gpg-agent was gone immediately after logout and the (separate) ssh-agent also exited a few seconds after logout.

I suspect this fix will also work for Ubuntu for versions of xfce4-session >= 4.9.0, i.e. Trusty, Utopic, Vivid.

For older versions the shell script /etc/xdg/xfce4/xinitrc likely has the same logic error. It looks like the code in xfsm-startup.c was loosely based on the previous logic in that script, which was in xfce4-utils package, until that package was merged into xfce4-session.

- Greg

Thaddaeus Tintenfisch (thad-fisch-deactivatedaccount) wrote :

Thank you for taking a look at this issue and finding the upstream commit which fixes the bug.

A new version of xfce4-session was released just yesterday [1], so this bug will get fixed soon in the current development release of Ubuntu - Vivid Vervet.

[1] https://mail.xfce.org/pipermail/xfce4-dev/2014-December/030978.html

Changed in xfce4-session:
status: New → Fix Released

Thaddaeus Tintenfisch (thad-fisch-deactivatedaccount) wrote :

Should be fixed in Ubuntu - Vivid Vervet (xfce4-session 4.11.1-0ubuntu1).

Gregor, can you confirm this?

In , Eric Toombs (ewtoombs) wrote :

xfce4-session will start gpg-agent, but it will not stop it at logout. On the next login of the same user, xfce4-session will check to see if gpg-agent is already running (which it will be) and not start another instance. The problem is that if the user is using gpg-agent's SSH agent support, SSH_AUTH_SOCK will not get incorporated into the environment on the second login. This is because xfce4-session doesn't start gpg-agent on the second login, so it doesn't have this information.

To solve this, xfce4-session must stop gpg-agent on logout if xfce4-session starts gpg-agent on login.

This is all with either enable-ssh-support in .gnupg/gpg-agent.conf, or with xfconf settings xfce4-session:/startup/ssh-agent/enabled = True and xfce4-session:/startup/ssh-agent/type = gpg-agent set.

In , Mikhefr (mikhefr) wrote :

I can't reproduce this with xfce4-session-4.12.1.
PID of gpg-agent is stored at session start and gpg-agent is stopped at logout.
Are you sure that gpg-agent is started by xfce4-session? If not, then xfce4-session will not stop it at logout, of course.

In , Eric Toombs (ewtoombs) wrote :

There was a minor release since then, so maybe it was fixed? I am pretty sure it was xfce4 that started it, since when I change the ssh agent to openssh ssh-agent, gpg-agent is not started. I'll try it again...

Changed in xfce4-session:
importance: Undecided → Unknown
status: Fix Released → Unknown
Changed in xfce4-session:
importance: Unknown → Medium
status: Unknown → Confirmed

In , Eric Toombs (ewtoombs) wrote :

The problem is worse than I thought. xfce4-session loses track of a whole array of processes:

eric 414 0.5 0.0 36920 3832 ? Ss 02:07 0:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation
eric 418 0.2 0.1 54660 5048 ? S 02:07 0:00 /usr/lib/xfce4/xfconf/xfconfd
eric 421 0.0 0.0 17628 252 ? Ss 02:07 0:00 /usr/bin/gpg-agent --sh --daemon --write-env-file /home/eric/.cache/gpg-agent-info
root 443 0.3 0.2 233876 9024 ? Ssl 02:07 0:00 /usr/lib/upower/upowerd
eric 454 0.0 0.2 275128 8128 ? Ssl 02:07 0:00 /usr/lib/gvfs/gvfsd
eric 466 0.0 0.1 406476 5548 ? Sl 02:07 0:00 /usr/lib/gvfs/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
eric 471 0.2 0.3 347732 12888 ? SNl 02:07 0:00 /usr/lib/tumbler-1/tumblerd
eric 472 0.0 0.1 335316 6576 ? Sl 02:07 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher
eric 489 0.0 0.0 36676 3488 ? S 02:07 0:00 /usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
eric 494 0.0 0.1 216056 5168 ? Sl 02:07 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
eric 501 0.1 0.2 309120 8436 ? Ssl 02:07 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor
root 504 0.7 0.1 365064 7200 ? Ssl 02:07 0:00 /usr/lib/udisks2/udisksd --no-debug
eric 521 0.0 0.1 351264 6396 ? Sl 02:07 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.13 /org/gtk/gvfs/exec_spaw/0
eric 526 0.0 0.1 191728 5528 ? Ssl 02:07 0:00 /usr/lib/gvfs/gvfsd-metadata

To get this, I did a ps aux, logged into XFCE, logged out, then did another ps aux. All of the above processes weren't shut down.

In , Eric Toombs (ewtoombs) wrote :

BTW that happens with startx and slim. xfce4 is started from .xinitrc with the following line:
exec ssh-agent startxfce4

Daniel Richard G. (skunk) wrote :

Hello,

I, too, am seeing this issue of gpg-agent persisting after an XFCE session ends. However, I think the problem may be outside of xfce4-session proper.

In my investigation into https://bugs.launchpad.net/bugs/1577562 , I found two places where gpg-agent may be started at the beginning of an XFCE session:

    /etc/X11/Xsession.d/90gpg-agent
    /usr/share/upstart/sessions/gpg-agent.conf

The first one starts up gpg-agent only if you have a "use-agent" directive in your GnuPG user config. The second one starts up the agent unconditionally.

Could someone check to see if the problem described in this bug report is actually attributable to these scripts?

(It does seem like some agreement is needed, across multiple projects, as to who exactly is responsible for starting gpg-agent, and under what conditions.)

Marc Pignat (swid) wrote :

bionic is still affected by this bug.
Is this not a security bug?
Should we raise the importance?

In , Maciej S. Szmigiero (maciejsszmigiero) wrote :

The patch attached to bug 12044 should also fix dangling gpg-agent and ssh-agent processes.

In , Skunnyk-q (skunnyk-q) wrote :

I confirm, the gpg-agent thing is fixed by bug #12044.
But the problem of other processes not being terminated on logout is still here (maybe restart the user bus on logout like GNOME).

*** This bug has been marked as a duplicate of bug 12044 ***

Changed in xfce4-session:
status: Confirmed → Invalid