Bug#566351: libgcrypt11: should not change user id as a side effect

Werner Koch wk at gnupg.org
Mon Jan 25 15:47:57 CET 2010


On Mon, 25 Jan 2010 14:24, ansgar at 2008.43-1.org said:

> Yes, that is fine with me.  Changing the default may break assumptions
> made by existing applications after all.

Of course we will not change the default.

> It would be nice if the documentation could mention that libraries that
> initialize gcrypt themselves should use this hack.  Otherwise the

That will never happen.  This is totally bogus. 

If an application does not properly initialize libgcrypt it is in any
case a severe error.  However, Libgcrypt tries to minimize the bad
effects of this and thus in general it works just fine.  Dropping
extended privileges is a part of this.

> side effect of changing user ids is "inherited" by the library (which is
> what was the problem here: the changing of user ids was inherited by
> libnss-ldap via openldap and gnutls).

Are you trying to tell us that there is an application with dependencies
on libnss, openldap and gnutls and that one is intended to be run suid?
Did you audit all that code and the way the code is used to be written
properly in a way that the suid-ness is not exploitable? 

Given how hard it is to even write a small suid application I have
severe doubts about the application and whether my proposed hack makes
sense at all.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
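
The side effect discussed in this thread, an initialisation call that changes the process's user ids, can be detected by a caller that compares its credentials before and after the call. The following C code is an added example, not code from libgcrypt or from this thread; cred_take, cred_is_elevated, cred_diff, audit_init and sample_init are hypothetical names, and sample_init stands in for the initialisation routine of whatever dependency is being checked.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum { CRED_RUID = 1, CRED_EUID = 2, CRED_RGID = 4, CRED_EGID = 8 };

struct cred_snapshot { uid_t ruid, euid; gid_t rgid, egid; };

/* Record the real and effective user and group ids of this process. */
static struct cred_snapshot cred_take(void)
{
    struct cred_snapshot c = { getuid(), geteuid(), getgid(), getegid() };
    return c;
}

/* Non-zero if the snapshot shows extended (setuid/setgid) privileges. */
static int cred_is_elevated(const struct cred_snapshot *c)
{
    return c->ruid != c->euid || c->rgid != c->egid;
}

/* Bitmask of the ids that differ between two snapshots. */
static int cred_diff(const struct cred_snapshot *a, const struct cred_snapshot *b)
{
    int mask = 0;
    if (a->ruid != b->ruid) mask |= CRED_RUID;
    if (a->euid != b->euid) mask |= CRED_EUID;
    if (a->rgid != b->rgid) mask |= CRED_RGID;
    if (a->egid != b->egid) mask |= CRED_EGID;
    return mask;
}

/* Call init() and return the mask of ids it changed as a side effect. */
static int audit_init(void (*init)(void))
{
    struct cred_snapshot before = cred_take();
    init();
    struct cred_snapshot after = cred_take();
    return cred_diff(&before, &after);
}

/* Hypothetical stand-in for a dependency's initialisation routine. */
static void sample_init(void) { }

int main(void)
{
    struct cred_snapshot now = cred_take();
    int changed = audit_init(sample_init);
    printf("elevated=%d changed_mask=%d\n", cred_is_elevated(&now), changed);
    return changed ? 1 : 0;
}
```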



