Bug#566351: libgcrypt11: should not change user id as a side effect

Ansgar Burchardt ansgar at 43-1.org
Mon Jan 25 16:13:48 CET 2010


Werner Koch <wk at gnupg.org> writes:

> Are you trying to tell us that there is an application with dependencies
> to libnss, openldap and gnutls and that one is intended to be run suid?
> Did you audit all that code and the way the code is used to be written
> properly in a way that the suid-ness is not exploitable?

Yes, it is even quite simple to write such an application: Just call
getgroups(), getpwent(), ... on a system that uses LDAP.  If there is no
caching daemon like nscd running, the application will use libnss-ldap
(via glibc's Name Service Switch) which can in turn use gnutls.

As the application itself does not use openldap, gnutls, or gcrypt there
is no way it could initialize gcrypt.

Using PAM can probably result in similar problems.

Regards,
Ansgar
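
The following check is an added example, not part of the original message or of libgcrypt: it performs a single NSS lookup, as the application described above would, then reports which of the libraries named in this thread were mapped into the process as a side effect and whether the process uid/gid changed across the call. It assumes Linux (`/proc/self/maps`); the library name substrings are assumptions based on the usual shared-object names.

```c
/* Added example: observe side effects of one NSS lookup (Linux only). */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if a /proc/<pid>/maps line maps a file whose path contains needle. */
int maps_line_has(const char *line, const char *needle)
{
    const char *path = strchr(line, '/');   /* pathname field starts at the first '/' */
    return path != NULL && strstr(path, needle) != NULL;
}

/* 1 if any mapping of this process matches needle, 0 if none, -1 if /proc is unavailable. */
int lib_is_mapped(const char *needle)
{
    char line[4096];
    int found = 0;
    FILE *f = fopen("/proc/self/maps", "r");
    if (f == NULL)
        return -1;
    while (fgets(line, sizeof line, f) != NULL)
        if (maps_line_has(line, needle)) { found = 1; break; }
    fclose(f);
    return found;
}

/* Do one NSS lookup and report whether the process credentials changed across it. */
int ids_changed_by_nss_lookup(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();
    (void)getpwuid(ruid);   /* the application only asks glibc for a passwd entry */
    return ruid != getuid() || euid != geteuid() || rgid != getgid() || egid != getegid();
}

int main(void)
{
    static const char *libs[] = { "libnss_ldap", "libldap", "libgnutls", "libgcrypt" };
    int changed = ids_changed_by_nss_lookup();
    for (size_t i = 0; i < sizeof libs / sizeof libs[0]; i++)
        printf("%-12s mapped after lookup: %d\n", libs[i], lib_is_mapped(libs[i]));
    printf("uid/gid changed across lookup: %s\n", changed ? "YES" : "no");
    return changed;
}
```

On a host where `passwd` is not resolved through LDAP, or where nscd answers the lookup, none of the four libraries should appear in the output.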



More information about the Gcrypt-devel mailing list