[PATCH] Fix curses running as root on tty of other user
Werner Koch
wk at gnupg.org
Thu Feb 17 18:38:16 CET 2011
On Tue, 15 Feb 2011 15:12, sochotnicky at redhat.com said:
> I have recently received bug report where running pinentry as root
> with tty set was failing. After some strac-ing, I found the culprit in
> dialog_run function inside pinentry-curses.c. It tries to open current
> tty if it is set, but it fails because pinentry removes all
> capabilities except ipc_lock.
Capabilities? Hmmm, I just checked and figured that there is use
enabled by default. The code is more than 10 years old and I was not
aware that it still works. For about the same time there is no need for
capabilities because at least Linux allows to mlock a few packages
without running under uid 0 (or with the respective capability).
The fix is to configure --without-libcap to disable the whole code and
best remove the code completely and update the secmem code to the one
used today by Libgcrypt or gpg 1.4.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gpa-dev
mailing list