gpg setuid access error

Bernard bht at
Sun Jul 1 05:25:01 CEST 2001

Hi all, I am lost and I need help.

The gpg program version gnupg-1.0.6-1.i586.rpm, which I installed as
setuid(root) on Red Hat Linux 7, fails to access the files of the
caller when permissions are set as specified.

What am I missing? Is this a bug?

Background (refer to as in the Windows distribution with the
same version);

       On many systems this program should be installed as
       setuid(root). This is necessary to lock memory pages.
       Locking memory pages prevents the operating system from
       writing memory pages to disk. If you get no warning
       message about insecure memory your operating system
       supports locking without being root. The program drops
       root privileges as soon as locked memory is allocated.

I executed as root:

chmod u+s /usr/bin/gpg

Then I logged on as another user ("foo") and issued the following:

gpg --keyring /home/foo/.gnupg/pubring.pgp --always-trust -r
recipient at -a -e

The errors I get are:

gpg: /home/foo/.gnupgp/secring.gpg: can't create keyring: Permission
gpg: keyblock resource '/home/foo/.gnupgp/secring.gpg': file open

... more errors

all /home/foo/.gpg/* files are owned by foo!
permissions of
-rw-------   1   foo  foo ...

When I change the permission of the binary back with:

chmod u-s /usr/bin/gpg

then I get the expected warning:

Warning: using insecure memory!

but the program otherwise works as expected.

(The gpg command as above expects clear text input from stdin
(console), which has to be terminated with [Ctrl+D] on Linux.)

Any help is highly appreciated.
bht at
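
The sequence described in the quoted manual text (lock memory while still root, then drop root privileges before touching the caller's files), as an added C example for Linux that is not part of the original post and is not GnuPG's own code. The names alloc_secure_pool, drop_privileges and POOL_SIZE are assumptions made for illustration.

```c
#define _GNU_SOURCE           /* for getresuid() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define POOL_SIZE 4096        /* constructed pool size (hypothetical) */

/* Map a page-aligned pool and try to pin it in RAM. *locked is set to 1
 * if mlock() succeeded, 0 if the pool can still be written to swap. */
static void *alloc_secure_pool(size_t size, int *locked)
{
    void *pool = mmap(NULL, size, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (pool == MAP_FAILED)
        return NULL;
    *locked = (mlock(pool, size) == 0);
    return pool;
}

/* Permanently give up set-user-ID privileges. Returns 0 only when the
 * real, effective and saved UIDs all equal the caller's real UID. */
static int drop_privileges(void)
{
    uid_t ruid = getuid(), r, e, s;
    if (setgid(getgid()) != 0 || setuid(ruid) != 0)
        return -1;
    if (getresuid(&r, &e, &s) != 0 || r != ruid || e != ruid || s != ruid)
        return -1;
    if (ruid != 0 && setuid(0) == 0)   /* root must not be recoverable */
        return -1;
    return 0;
}

int main(void)
{
    int locked = 0;
    void *pool = alloc_secure_pool(POOL_SIZE, &locked); /* while privileged */
    if (pool == NULL || drop_privileges() != 0)         /* before file I/O */
        return EXIT_FAILURE;
    if (!locked)
        fprintf(stderr, "Warning: using insecure memory!\n");
    printf("uid=%d euid=%d locked=%d\n", (int)getuid(), (int)geteuid(), locked);
    memset(pool, 0, POOL_SIZE);        /* wipe before release */
    munmap(pool, POOL_SIZE);           /* unmapping also drops the lock */
    return EXIT_SUCCESS;
}
```

Run from a setuid(root) copy, the uid and euid it prints after the drop should both be the calling user's, which is the identity under which the caller's keyring files are then opened.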
