[PATCH] Fix curses running as root on tty of other user
Stanislav Ochotnicky
sochotnicky at redhat.com
Tue Feb 15 15:12:45 CET 2011
I recently received a bug report where running pinentry as root
with tty set was failing. After some strace-ing, I found the culprit in
the dialog_run function inside pinentry-curses.c. It tries to open the current
tty if it is set, but it fails because pinentry removes all
capabilities except ipc_lock.
I created a patch fixing this behaviour by keeping dac_override
capability until after we open ttys.
I also fixed one other small capability issue that I believe was
present. See the patch for details on this.
To reproduce, do this:
1. log in as a normal user
2. su -
3. ls -l `tty` should show you the original user as owner
4. gpg2 --symmetric .bashrc
With this patch the last command succeeds; otherwise it fails.
diffstat:
pinentry/pinentry-curses.c | 24 +++++++++++++++++++++++-
secmem/secmem.c | 6 ++++--
2 files changed, 27 insertions(+), 3 deletions(-)