Bugs in gnupg-1.4.0 and related packages

Andrew Shcheglov andrewbass at gmail.com
Tue Feb 8 07:58:50 CET 2005


When installed setuid root, gpg bails out with the error message:

gpg: Ohhhh jeeee: ... this is a bug (g10.c:1758:main)
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

In file g10/g10.c, line 1758 there's a check whether real and
effective uids are equal. This may be caused by grsecurity kernel
patch.

$ uname -a
Linux bass.science.syrus.ru 2.4.25-grsec #2 Wed Mar 24 14:22:55 MSK
2004 i686 i686 i386 GNU/Linux
$ grep 'GRKERNSEC' /usr/src/linux-2.4.25-grsec/.config
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MID is not set
# CONFIG_GRKERNSEC_HI is not set
CONFIG_GRKERNSEC_CUSTOM=y
# CONFIG_GRKERNSEC_PAX_SOFTMODE is not set
# CONFIG_GRKERNSEC_PAX_EI_PAX is not set
# CONFIG_GRKERNSEC_PAX_PT_PAX_FLAGS is not set
CONFIG_GRKERNSEC_PAX_NO_ACL_FLAGS=y
# CONFIG_GRKERNSEC_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_GRKERNSEC_PAX_HOOK_ACL_FLAGS is not set
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_HIDESYM=y
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
# CONFIG_GRKERNSEC_LINK is not set
# CONFIG_GRKERNSEC_FIFO is not set
# CONFIG_GRKERNSEC_CHROOT is not set
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
# CONFIG_GRKERNSEC_RESLOG is not set
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
# CONFIG_GRKERNSEC_SIGNAL is not set
# CONFIG_GRKERNSEC_FORKFAIL is not set
# CONFIG_GRKERNSEC_TIME is not set
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_EXECVE is not set
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDISN=y
CONFIG_GRKERNSEC_RANDID=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_RANDRPC=y
# CONFIG_GRKERNSEC_SOCKET is not set
# CONFIG_GRKERNSEC_SYSCTL is not set
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4

Also there're minor typos in texinfo documentation which make emacs
info browser unable to display the corresponding info pages (packages
affected are: libgcrypt-1.2.1 and libksba-0.9.10). See attachments for
patches.

--
Yours sincerely,
        Andrew ``Bass'' Shcheglov.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libgcrypt-1.2.1.patch
Type: application/octet-stream
Size: 332 bytes
Desc: not available
Url : /pipermail/attachments/20050208/6163b488/libgcrypt-1.2.1.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libksba-0.9.10.patch
Type: application/octet-stream
Size: 335 bytes
Desc: not available
Url : /pipermail/attachments/20050208/6163b488/libksba-0.9.10.obj


More information about the Gnupg-devel mailing list