chromium und skype : requiring strange permissions ?

[Soviet_Mario]

I HAD to install two unwanted programs (to attend online
school-meeting), the summentioned CHROMIUM and SKYPE

Both, at startup, pop up a windows prompting for PWD to
unlock the KEY-safe depot (I am not able to translate well
"portachiavi").

I deny twice or thrice, than the programs go on running
regularly.

I have some doubts, for knowledgeable users of one or both
* can they unlock what they are looking for by themselvese,
silently, even without password ?
* they just give up ?
In this second case : I miss some functionality ? (i.g.
storing logins pwds and other info ? They don't store
anything ? they store in unsafe place ? I use them very
seldom and at the minimum level)
Or else : I don't really miss any functionality and they
just wanted to be nosy where not supposed to ?


Now a joke (real) for us, irreversible linux users who from
time to time taste the amusing features of Win.
On my father PC. In a newsletter I read about scripts
collections for PowerShell, namely SharpApp from MirinSoft.

I dnlded and tried immediately.
Amonge the preinstalled shitware recalcitrant to manual
uninstall, I selected EDGE, CORTATA, and BIOsth.
I run the SW as plain user, then as admi, then reboot and admin
BluntApp was able to uninstall NONE of them. I mean : it was
supposed to be designed with that goal. And failed. No
words. Cheers !





--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
Soviet_Mario - (aka Gatto_Vizzato)

[David W. Hodgins]

On Thu, 07 May 2020 18:35:49 -0400, Soviet_Mario <Sovie...@cccp.mir> wrote:

> Both, at startup, pop up a windows prompting for PWD to
> unlock the KEY-safe depot (I am not able to translate well
> "portachiavi").

It actually translates to keychain according to
https://www.deepl.com/translator#it/en/portachiavi

See https://www.funtoo.org/Keychain

It's only of use if you want to enter ssh or gpg passphrases once, and have them
kept in memory until reboot.

If you are not using the program to store the passphrases, uninstall the package.

Regards, Dave Hodgins

--
Change dwho...@nomail.afraid.org to davidw...@teksavvy.com for
email replies.

[William Unruh]

On 2020-05-08, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
> On Thu, 07 May 2020 18:35:49 -0400, Soviet_Mario <Sovie...@cccp.mir> wrote:
>
>> Both, at startup, pop up a windows prompting for PWD to
>> unlock the KEY-safe depot (I am not able to translate well
>> "portachiavi").
>
> It actually translates to keychain according to
> https://www.deepl.com/translator#it/en/portachiavi
>
> See https://www.funtoo.org/Keychain
>
> It's only of use if you want to enter ssh or gpg passphrases once, and have them
> kept in memory until reboot.
>
> If you are not using the program to store the passphrases, uninstall the package.

i ^^^^^^^^^^^ Not sure which program you are
referring to. Not Chromium or skype I presume, but they are the only
programs mentioned. You mean Keychain? But it is chromium and skype that
he says are asking for the password, not keychain. (I have had that same
thing happen in the past when opening chrome for the first time, but it
has stopped doing so recently)

>
> Regards, Dave Hodgins
>

[David W. Hodgins]

I was referring to uninstalling keychain, as I suspect that's the program
being called for entering the passphrase.

I haven't seen either chromium or google-chrome ask for a password or passphrase
on startup. Starting chromium from a kconsole does show a message
"ERROR:kwallet_dbus.cc(100)] Error contacting kwalletd"

If it is kwallet asking for the password, I've disabled it on my system with
systemsettings5/Personalisation/Account Details/KDE wallet, and unselecting
the checkbox for "Enable the KDE wallet subsystem". I disable it when I go
through all of the settings available, right after install of the system.

Would help if the desktop environment in use was specified.

[Soviet_Mario]

On 08/05/20 02:32, David W. Hodgins wrote:
> On Thu, 07 May 2020 18:35:49 -0400, Soviet_Mario
> <Sovie...@cccp.mir> wrote:
>
>> Both, at startup, pop up a windows prompting for PWD to
>> unlock the KEY-safe depot (I am not able to translate well
>> "portachiavi").
>
> It actually translates to keychain according to
> https://www.deepl.com/translator#it/en/portachiavi
>
> See https://www.funtoo.org/Keychain
>
> It's only of use if you want to enter ssh or gpg passphrases
> once, and have them
> kept in memory until reboot.

mmm, no, I don't need/want to use either through Chromium or
Skype

>
> If you are not using the program to store the passphrases,
> uninstall the package.

Which one ?
SSH / GPG
or Chromium and Skype ?

Those last .... I'd be very willing to, but for now I need
them as every colleague is enforcing this standard :(

tnx

>
> Regards, Dave Hodgins

[Soviet_Mario]

On 08/05/20 05:54, David W. Hodgins wrote:
> On Thu, 07 May 2020 22:53:54 -0400, William Unruh
> <un...@invalid.ca> wrote:
>
>> On 2020-05-08, David W. Hodgins
>> <dwho...@nomail.afraid.org> wrote:
>>> If you are not using the program to store the
>>> passphrases, uninstall the package.
>> i                      ^^^^^^^^^^^ Not sure which program
>> you are
>> referring to. Not Chromium or skype I presume, but they
>> are the only
>> programs mentioned. You mean Keychain? But it is chromium
>> and skype that
>> he says are asking for the password, not keychain. (I have
>> had that same
>> thing happen in the past when opening chrome for the first
>> time, but it
>> has stopped doing so recently)
>
> I was referring to uninstalling keychain, as I suspect
> that's the program
> being called for entering the passphrase.

Mmm ... is it an unsafe program ?
I'm not sure what you mean with "on startup".
When system boots and executes it does not ask for unlocking
keychain. Just on launch of Skype or Chromium does it become
involved.

>
> I haven't seen either chromium or google-chrome ask for a
> password or passphrase
> on startup. Starting chromium from a kconsole does show a
> message
> "ERROR:kwallet_dbus.cc(100)] Error contacting kwalletd"

kwallet is the same as keychain ?

>
> If it is kwallet asking for the password, I've disabled it
> on my system with
> systemsettings5/Personalisation/Account Details/KDE wallet,

I have the gnome variant (once I did some unfruitful
experiments with GPG .... I'd like to retry this summer
maybe, for digital signing of contents and later archiving
them on WayBackMachine)

> and unselecting
> the checkbox for "Enable the KDE wallet subsystem". I
> disable it when I go
> through all of the settings available, right after install
> of the system.
>
> Would help if the desktop environment in use was specified.

sure, I did not realize it was relevant.
I use XFCE as a "full" base and current DE, but I have quite
some Gnome services and utilities (among them, gnome wallet
or keychain) and even some small pieces from Cinnamon/Mate
(but just the file manager and some mass rename plugins).

This system would be considered a mess by 99 % of "duri e
puri" old age linux users, as I have also some flatpak, snap
and appimage around.

But it is the gnome wallet the service skype and chromium
are trying to unlock, very likely

Not a problem per se : I'd like to know if my denial of
unlock is enough to prevent nosy overlook on stored keys. If
so, I just press ESC and put forth



>
> Regards, Dave Hodgins

[William Unruh]

On 2020-05-08, Soviet_Mario <Sovie...@CCCP.MIR> wrote:
> On 08/05/20 05:54, David W. Hodgins wrote:
>> On Thu, 07 May 2020 22:53:54 -0400, William Unruh
>> <un...@invalid.ca> wrote:
>>
>>> On 2020-05-08, David W. Hodgins
>>> <dwho...@nomail.afraid.org> wrote:
>>>> If you are not using the program to store the
>>>> passphrases, uninstall the package.
>>> i                      ^^^^^^^^^^^ Not sure which program
>>> you are
>>> referring to. Not Chromium or skype I presume, but they
>>> are the only
>>> programs mentioned. You mean Keychain? But it is chromium
>>> and skype that
>>> he says are asking for the password, not keychain. (I have
>>> had that same
>>> thing happen in the past when opening chrome for the first
>>> time, but it
>>> has stopped doing so recently)
>>
>> I was referring to uninstalling keychain, as I suspect
>> that's the program
>> being called for entering the passphrase.
>
> Mmm ... is it an unsafe program ?

No. He is saying that if the program that is causing problems is the
program called "keychain" then oneway of getting rid of the problem id
to uninstall that program. I doubt that that is the problem. It is based
on a translation of the italian, and programs' names do not change in
Italy. Error messages do, but if that error message were refering to the
program "keychain" it would probably use the name "keychain".
His second observation that it could be the program kwalletd is I think
more likely. Chrome on Linux may be asking kwalletd to store its list of
passwords that it has saved.

> I'm not sure what you mean with "on startup".
> When system boots and executes it does not ask for unlocking
> keychain. Just on launch of Skype or Chromium does it become
> involved.
>
>>
>> I haven't seen either chromium or google-chrome ask for a
>> password or passphrase
>> on startup. Starting chromium from a kconsole does show a
>> message
>> "ERROR:kwallet_dbus.cc(100)] Error contacting kwalletd"
>
> kwallet is the same as keychain ?

No it is a different program, whick stores passwords. The Italian word
translated as keychain could refer to the program "keychain" or it could
refer to some program which stores keys which the Italian translator of
the English error message translated in that way ( far more likely in my
opinion).

So, why don't you try his solution and disable kwalletd and see if the
request goes away.

[Soviet_Mario]

how to "disable" without uninstall ? I'd like to preserve
all stored data.

But apart from that, is it there any problem in simply
ignoring the requests ? If, doing so, I don't cause any
vulnerability, I'll simply press ESC a couple of times.
The programs I don't like after all were chromium (damn
fast, without plugins, I must admit that ! ... but also of
little use without plugins as well) and skype, which I'll
keep for as little time as possible :)
CUT

[William Unruh]

He gave you the instructions.
click on the "Settings" icon (on my Mageia 7 it is a crosed wrench and
screwdriver on the task bar on th ebottom of the page. Or you can open
the program icon-- Application Menu, click on Tools and then on System
Settings). The go to the line in Settings called Personalisation and
click the icon Account Details. At tjhe top is is a check box called
Enable KDE wallet subsystem.
uncheck that box. That will disable the kde wallet subsystem.

If you mean keychain, it has nothing to do with either Skype or
Chromium. It is for saving credentials for pgp/gpg, and ssh.

>
> But apart from that, is it there any problem in simply
> ignoring the requests ? If, doing so, I don't cause any

Not that I know of. I have however no idea how Chromium or skype use
whatever it is they are asking for.

[Soviet_Mario]

I'll try to discover if this is similar to Debian's gnome
wallet then

>
> If you mean keychain, it has nothing to do with either Skype or
> Chromium. It is for saving credentials for pgp/gpg, and ssh.

yes, and nevertheless they want to access my "portachiavi"
for own reasons, that is annoying. So I deny
Ah, BTW : I have no keychain installed nowhere, just
"wallets" (two actually, one is Gnome's the other of a
program I just tried a couple of times, for bitcoin : no
longer used for now)

>
>
>>
>> But apart from that, is it there any problem in simply
>> ignoring the requests ? If, doing so, I don't cause any
>
> Not that I know of. I have however no idea how Chromium or skype use
> whatever it is they are asking for.

Glad to know the thing sounds at least surprising to you too.

Apparently they seem to try to store own logins in a safe
place. But a step beyond : 1) I have not asked to save
anything at all and 2) once I grant access permission, it
becomes a question of TRUST what use they make of OTHER
keys. And such trust does not simply exist :)
I just wanted to delve into the question : are they able to
access wallet even if I deny the permission, in a silent way ?
The other details are unimportant in the end.
I tend to think they can't (here is not Win after all).
But assuming they could ... then disabling wallet would
enhance security ? Dunno at all

>
>> vulnerability, I'll simply press ESC a couple of times.
>> The programs I don't like after all were chromium (damn
>> fast, without plugins, I must admit that ! ... but also of
>> little use without plugins as well) and skype, which I'll
>> keep for as little time as possible :)
>> CUT
>>

[David W. Hodgins]

On Fri, 08 May 2020 14:35:44 -0400, Soviet_Mario <Sovie...@cccp.mir> wrote:

> I just wanted to delve into the question : are they able to
> access wallet even if I deny the permission, in a silent way ?
> The other details are unimportant in the end.

They cannot. With wallet type programs, you pick a password to use to open the
wallet, when the wallet is first set up. Then the wallet is used to store all
of the other passwords used for various things such as login at a web site.
Without that one password for the wallet, the browser or sype login cannot
access the wallet.

If you are not using the wallet to store passwords, then there is nothing
there for the program to access anyway.

[William Unruh]

On 2020-05-08, Soviet_Mario <Sovie...@CCCP.MIR> wrote:
>
> I'll try to discover if this is similar to Debian's gnome
> wallet then

kwalletd and gnome wallet are not the same. So you are running gnome as
your desktop. It would really really help if you gave information like
this when you report the problem, so that you do not waste the time of
people trying to help you.

>
>>
>> If you mean keychain, it has nothing to do with either Skype or
>> Chromium. It is for saving credentials for pgp/gpg, and ssh.
>
> yes, and nevertheless they want to access my "portachiavi"

portachiavi is NOT the program keychain. They are using that term to
define something having to do with some program that skype and chromium
are triggering. We have no idea what that program is.

a) do
ps auxww|grep kwallet|grep -v grep

to see if you have kwalletd running. If you do then his suggestions
might be useful.

> for own reasons, that is annoying. So I deny

You deny what?

> Ah, BTW : I have no keychain installed nowhere, just
> "wallets" (two actually, one is Gnome's the other of a

So you will have to figure out how to disable Gnome's wallet.

> program I just tried a couple of times, for bitcoin : no
> longer used for now)

So uninstall it.

>>
>> Not that I know of. I have however no idea how Chromium or skype use
>> whatever it is they are asking for.
>
> Glad to know the thing sounds at least surprising to you too.
>
> Apparently they seem to try to store own logins in a safe
> place. But a step beyond : 1) I have not asked to save
> anything at all and 2) once I grant access permission, it
> becomes a question of TRUST what use they make of OTHER
> keys. And such trust does not simply exist :)
> I just wanted to delve into the question : are they able to
> access wallet even if I deny the permission, in a silent way ?

They need the password to do so.

> The other details are unimportant in the end.
> I tend to think they can't (here is not Win after all).
> But assuming they could ... then disabling wallet would
> enhance security ? Dunno at all

Or decrease security. The purpose of thos wallets is to hide critical
information behind a password. If they are hidden, then the security is
increased.

[Soviet_Mario]

On 08/05/20 20:52, William Unruh wrote:
> On 2020-05-08, Soviet_Mario <Sovie...@CCCP.MIR> wrote:
>>
>> I'll try to discover if this is similar to Debian's gnome
>> wallet then
>
> kwalletd and gnome wallet are not the same.

mmm, note taken

> So you are running gnome as

no, actually I run XFCE, with some services from gnome too.
I have another piece of SW called "passwords and keys" :\
As I said, this is a confusionary Debian install where I
tried whatever seemed intresting and then left it there in
place.

> your desktop. It would really really help if you gave information like
> this when you report the problem, so that you do not waste the time of
> people trying to help you.

I had just specified what DE I was using. As for the
"wallet", I met the problem of translating properly
"portachiavi". Keychain is not installed here. But after
researching I have discovered I actually have also KWallet
manager :\ I did not remember I had it. Also gnome offer
some services of keys keeping.

>>
>>>
>>> If you mean keychain, it has nothing to do with either Skype or
>>> Chromium. It is for saving credentials for pgp/gpg, and ssh.
>>
>> yes, and nevertheless they want to access my "portachiavi"
>
> portachiavi is NOT the program keychain.

assessed ! I still don't know if the requests are sent to
KWallet or to "passwords and keys" (gnome service).

> They are using that term to
> define something having to do with some program that skype and chromium
> are triggering. We have no idea what that program is.
>
> a) do
> ps auxww|grep kwallet|grep -v grep

no output.
I have it installed though. Maybe simply it is not set in
autorun mode.


but with this other cmd, i get ...

sudo ps auxww|grep key|grep -v grep
gattovi+ 3640 0.0 0.0 213256 7252 ? Sl 00:55
0:00 /usr/bin/gnome-keyring-daemon --start --components=ssh

and here the other name : gnome-keyring. That was the other
"key safe manager".

So it is likely Skype and Chromium send some request to this
running service ....

>
> to see if you have kwalletd running.

no, it does not seem so. But I have it installed.
gnome daemon is running even w/o having launched neither
Skype nor Chromium. It must be set for automatic execution
at startup

> If you do then his suggestions
> might be useful.
>
>> for own reasons, that is annoying. So I deny
> You deny what?

the password input in the dialog box asking for it.
Hence I guess I do not allow unlocking the key-service.

>
>> Ah, BTW : I have no keychain installed nowhere, just
>> "wallets" (two actually, one is Gnome's the other of a
>
> So you will have to figure out how to disable Gnome's wallet.

uhm ... but why exactly ? To me this does not seem a problem
in gnome-keyring-daemon, but of 3rd party SW who, without
particular reason, try to access the service.

>
>> program I just tried a couple of times, for bitcoin : no
>> longer used for now)
>
> So uninstall it.

... for now :) not necessarily forever.

>
>>>
>>> Not that I know of. I have however no idea how Chromium or skype use
>>> whatever it is they are asking for.
>>
>> Glad to know the thing sounds at least surprising to you too.
>>
>> Apparently they seem to try to store own logins in a safe
>> place. But a step beyond : 1) I have not asked to save
>> anything at all and 2) once I grant access permission, it
>> becomes a question of TRUST what use they make of OTHER
>> keys. And such trust does not simply exist :)
>> I just wanted to delve into the question : are they able to
>> access wallet even if I deny the permission, in a silent way ?
>
> They need the password to do so.
>
>
>> The other details are unimportant in the end.
>> I tend to think they can't (here is not Win after all).
>> But assuming they could ... then disabling wallet would
>> enhance security ? Dunno at all
>
> Or decrease security.

that's the reason why I was not so happy to disable
gnome-keyring-daemon. I did not think it was "the culprit"

> The purpose of thos wallets is to hide critical
> information behind a password. If they are hidden, then the security is
> increased.

ok ... so I will go on like before.

I had installed SSH services because, sooner or later, I
will retry a task (unsuccessfully yet) I had to defer (to
share resources in a lan-still-to-make).

I have to use the PC daily for too many hours and have not
that much time to finish configure properly the new one. I
hope this summer I will breathe again. This f**ing-Covid is
draining every drop of blood. Here everybody say we
(teacher) are on holiday, but actually I'm working more or
less the double as before :\ In reality I still have had no
time to customize the new PC well enough to work with for
school.

And it's not even only a question of mere time. I'm tired,
cannot focus well on other topics.

>
>>
>>
>>>
>>>> vulnerability, I'll simply press ESC a couple of times.
>>>> The programs I don't like after all were chromium (damn
>>>> fast, without plugins, I must admit that ! ... but also of
>>>> little use without plugins as well) and skype, which I'll
>>>> keep for as little time as possible :)
>>>> CUT
>>>>
>>
>>