trustdb opened for writing needlessly?
Frank Tobin
ftobin@uiuc.edu
Sun Apr 22 06:52:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It seems that GnuPG needless tries to open trustdb.gpg for writing, even
when --always-trust is given.
Consider this scenario. I have read-only access to trustdb.gpg.
I cannot do "gpg --always-trust --with-colons --list-keys", for it dies:
gpg: fatal: /home/ftobin/.gnupg/trustdb.gpg: can't open: Permission
denied
But I do have read access to trustdb.gpg; why would GnuPG be opening it
for anything but reading while listing keys?
This problem also exhibits itself when, again, I have read-only access to
the trustdb, and I try to decrypt "gpg --decrypt encrypted.asc":
gpg: fatal: /home/ftobin/.gnupg/trustdb.gpg: can't open: Permission
denied
Again, why is there any need to open the trustdb for writing?
This problem is extremely annoying when trying to use GnuPG in a
non-interactive, unprivileged mode, where it should only have read-only
access to the entire homedir. Currently, I have no way for a CGI running
under the user 'nobody' to use a world-readable homedir while decrypting.
I consider this behaviour a bug in GnuPG. GnuPG is trying to open
trustdb.gpg for writing when it should not need to; this is bad practice.
Furthermore, GnuPG does not do a good job of error-reporting when it fails
to open a file. It says "can't open: Permission denied", but it does not
indicate "can't open for writing: Permission denied". The indication
between failure to open for reading or writing is very important for
debugging.
Tested using GnuPG 1.04h. Note that all examples above were tested using
- --no-options.
- --
Frank Tobin http://www.uiuc.edu/~ftobin/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: pgpenvelope 2.10.0 - http://pgpenvelope.sourceforge.net/
iEYEARECAAYFAjriYzcACgkQVv/RCiYMT6OhawCgg+fSC8Zl/7J+HWxuIo+hAMKf
XFUAoLFMIk1JgUB6T9jr5csRKyIfr1AC
=ZoSN
-----END PGP SIGNATURE-----