Nautilus tries to connect to sftp bookmarks at inappropriate times

I'm setting the severity to Major because it seems like a possible security issue.

The act of trying to take a standard screenshot triggers the bug as seen here. This shot was in turn taken with gimp.

btw, this is all using Dapper.

I have some kind of a similar ptoblem, and it's indeed extremely annoying to say the least. What happens here, is that I have bookmarked 3 FTP sites in Nautilus.
The first two, I have had bookmarked for ages, and they work fine. However the third one (that's the web space my ISP gives me), which I added only very recently (2 weeks ago) constantly asks me for the FTP server's password. Whatever action I perform on that site (open a folder, open a file, read or copy a file, what ahve you), it aks me the password each and every time ! :-O
Since it only does it for this site and not the other two, and since that FTP server is my ISP's one, and I have had nothing but problems in the past with them, I assumed it was just their server that was at fault. But then I saw this bug report(s), and am hoping it's somehow Gnome at fault, so hopefully it can be fixed...

Thank for your bug, it seems you list different issue which make not easy to reply to the bug. Your .tgz example is probably that it runs file-roller to extract it which is a different application and connect to the keyring

When you get the cancel is not clear. And what remote system it tries to connect and when is not clear neither. Could you enumerate a suite of actions giving that issue?

Sebastien Bacher wrote:
> Public bug report changed:
> https://launchpad.net/malone/bugs/35027
>
> Task: ubuntu nautilus
> Assignee: (unassigned) => Ubuntu Desktop Bugs
> Status: Unconfirmed => Needs Info
>
> Comment:
> Thank for your bug, it seems you list different issue which make not easy to reply to the bug. Your .tgz example is probably that it runs file-roller to extract it which is a different application and connect to the keyring

Right, so it seems that any applications that use the gnome file
selector are affected by this when I initiate an action that causes it
to open it tries the keyring. That is presumably because the file
selector has the bookmarks from Nautilus on the right hand side which it
tries to open to get some info about.

> When you get the cancel is not clear. And what remote system it tries to connect and when is not clear neither. Could you enumerate a suite of actions giving that issue?

So I've just reproduced it for myself and will describe the steps here:

1. First the control test:
  * I have no bookmarks in Nautilus
  * I start Gedit and go to Open File
  * I get the gnome file selector without any problems
2. Setting a bookmark
  * I open Natilus and press Ctrl+l to change location
  * I type in 'sftp://people.ubuntu.com/home/henrik
  * Nautilus connects without any questions (it's already in my keyring)
  * While logged in there I set a bookmark in Nautilus which also
appears in the 'Places' menu
3. Producing the bug:
  * I open Gedit again and Click 'Open'
  * I get a warning saying that Gedit wants to access my keyring
  * If I click 'Allow Once' there is no problem (and I'm sure Always
Allow would work as well)
  * If I click 'Deny' I am prompted for the password for that server
  * If I click Cancel I get the same questions again, but then finally I
get to the normal file selector
  * If I have 5 bookmarks I have to click Deny twice and Cancel twice
for each, a grand total of 20 times every time I try to open a file on
my local system ...

OK, so I could make life easier for myself by clicking 'Always Allow'
each time this occurred and the problem would gradually go away. I would
be able to edit remote files with Gedit and all would be sweet. The
point is I don't want to allow this action, because I see no need for
it. I don't see why I should allow gnome to log in to a remote server
when I'm just just trying to open a file on my system. If gnome is
talking to a remote server, what is it saying? Is it uploading all my
private emails to the directory which is live on the web? Probably not,
but as a careful user (the most prudent kind) I don't know that. That
only takes one more bug ...

Currently the only reliable workaround I have found is to have no
bookmarks and just type in the location each time.

I'm changing the status from 'Needs Info' (since lots of info was supplied) to 'Unconfirmed' again.

From this description it looks more like a gnome-keyring problem to me and I'm unable to confirm it (and didn't find a suitable upstream bug).

That might be. I don't know the interaction of these apps that well, but it would seem to me that the fault lies with the gnome file selector (is that part of the nautilus package?) because storing the bookmarks there is what causes an attempted connection to the net.

The gnome-keyring is then triggered and behaves as it should IMO, asking for my permissions to do something. The error is that the keyring should never be invoked in the first place because no attempt should be made to connect to these remote servers when I haven't requested it.

As per discussion on IRC, reassigning to libgnomeui and adding comments on http://bugzilla.gnome.org/show_bug.cgi?id=321242

duplicate of bug #32873

Architecture: i386
DistroRelease: Ubuntu 9.04
Package: libgnomeui
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, no user)
 LANG=en_US.UTF-8
Uname: Linux 2.6.28-11-generic i686
UserGroups: