Bug#566351: libgcrypt11: should not change user id as a side effect

Ansgar Burchardt ansgar at 2008.43-1.org
Mon Jan 25 14:24:24 CET 2010


Hi,

Werner Koch <wk at gnupg.org> writes:

> I understand that there is sometimes the need for lifetime long suid
> programs.  Although, I don't think that it is a sensible approach to
> write software this way (instead of using helpers like userv), I can add
> a hack to disable dropping of permissions.
>
> Ansgar, is that what you want?

Yes, that is fine with me.  Changing the default may break assumptions
made by existing applications after all.

It would be nice if the documentation could mention that libraries that
initialize gcrypt themselves should use this hack.  Otherwise the
side effect of changing user ids is "inherited" by the library (which is
what was the problem here: the changing of user ids was inherited by
libnss-ldap via openldap and gnutls).

Regards,
Ansgar
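
An added example, not part of the original message and not libgcrypt code: one way for a setuid program or a wrapping library to detect the side effect discussed above is to compare the process IDs before and after a dependency's initializer runs. `example_init_dropping_privs` is a hypothetical stand-in for such an initializer, and every name in the block is an assumption.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Snapshot of the IDs a setuid/setgid program depends on. */
struct creds { uid_t ruid, euid; gid_t rgid, egid; };

enum { CH_RUID = 1, CH_EUID = 2, CH_RGID = 4, CH_EGID = 8 };

static struct creds snapshot_creds(void)
{
    struct creds c = { getuid(), geteuid(), getgid(), getegid() };
    return c;
}

/* Bitmask of the IDs that differ between two snapshots (0 = unchanged). */
static int creds_diff(const struct creds *a, const struct creds *b)
{
    int mask = 0;
    if (a->ruid != b->ruid) mask |= CH_RUID;
    if (a->euid != b->euid) mask |= CH_EUID;
    if (a->rgid != b->rgid) mask |= CH_RGID;
    if (a->egid != b->egid) mask |= CH_EGID;
    return mask;
}

/* Run an initializer and report which IDs it changed as a side effect. */
static int run_checked(void (*init)(void))
{
    struct creds before = snapshot_creds();
    init();
    struct creds after = snapshot_creds();
    return creds_diff(&before, &after);
}

/* Hypothetical stand-in for a dependency's init routine that drops
 * set-id privileges; it is a no-op when the process is not set-id. */
static void example_init_dropping_privs(void)
{
    if (getgid() != getegid() && setgid(getgid()) != 0) _exit(1);
    if (getuid() != geteuid() && setuid(getuid()) != 0) _exit(1);
}

int main(void)
{
    int changed = run_checked(example_init_dropping_privs);
    printf("IDs changed by initializer: mask 0x%x\n", changed);
    return changed ? 1 : 0;
}
```

In a process that is not set-id the mask is 0; a non-zero mask in a setuid program means some initializer in the dependency chain changed the IDs the caller still relies on.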


