gpg setuid access error

Bernard bht at actrix.gen.nz
Sun Jul 1 05:25:01 CEST 2001


Hi all, I am lost and I need help.

The gpg program version gnupg-1.0.6-1.i586.rpm, which I installed as
setuid(root) on Redhat Linux 7, fails to access the files of the
caller when permissions are set as specified.

What am I missing? Is this a bug?

Background (refer to gpg.man as in the Windows distribution with the
same version):

BUGS
       On many  systems  this  program  should  be  installed  as
       setuid(root).  This  is  necessary  to  lock memory pages.
       Locking memory pages prevents the  operating  system  from
       writing  memory  pages  to  disk.  If  you  get no warning
       message  about  insecure  memory  your  operating   system
       supports  locking  without  being  root. The program drops
       root privileges as soon as locked memory is allocated.

I executed as root:

chmod u+s /usr/bin/gpg

Then I logged on as another user ("foo") and issued the following
command:

gpg --keyring /home/foo/.gnupg/pubring.pgp --always-trust -r
recipient at somedomain.com -a -e

The errors I get are:

gpg: /home/foo/.gnupgp/secring.gpg: can't create keyring: Permission
denied
gpg: keyblock resource '/home/foo/.gnupgp/secring.gpg': file open
error

... more errors

All /home/foo/.gpg/* files are owned by foo!
Permissions of
/home/foo/.gnupgp/secring.gpg
are:
-rw-------   1   foo  foo ...


When I change the permission of the binary back with:

chmod u-s /usr/bin/gpg

then I get the expected warning:

Warning: using insecure memory!

but the program otherwise works as expected.

Note: the gpg command as above expects clear text input from stdin
(console), which has to be terminated with [Ctrl+D] on Linux.

Any help is highly appreciated.
Bernard
bht at actrix.gen.nz



