Bug report: "Ohhhh jeeee" error when GnuPG 1.4.1 installed suid with caps enabled
ddcc at email.com
Sat Mar 19 02:48:03 CET 2005
Hi,
This bug report is related to the problem discussed in these previous messages:
<http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021840.html>
<http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021824.html>
I didn't see any resolution, and I think I've discovered what the problem is, so I'm filing this report.
If you install GnuPG 1.4.1 with capabilities enabled, and suid the binary, when you run gpg, you get the error:
gpg: Ohhhh jeeee: ... this is a bug (g10.c:1756:main)
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
Aborted
The code that triggers this error is:
    /* There should be no way to get to this spot while still carrying
       setuid privs. Just in case, bomb out if we are. */
    if(getuid()!=geteuid())
      BUG();
The code is making sure that suid has been dropped after setting up protected memory. The problem is that in secmem.c, lock_pool() drops suid only when USE_CAPABILITIES is not enabled. Therefore, if gpg is suid AND capabilities are enabled, then suid never gets dropped.
The function secmem_init() in secmem.c also has the same problem.
One more thing: if capabilities are enabled, then we should NOT get the insecure memory warning, right, even if we don't suid gpg? The warning still gets printed for me though, so can someone fix that?
Thanks,
David
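The ordering the report describes (lock the pool while privileged, then drop setuid unconditionally, then verify real and effective uid match before continuing), shown as a small added C program. This is an example written for this page, not GnuPG's secmem.c or g10.c; it assumes a Linux/POSIX system, does not link libcap, and the function names (lock_pool, drop_setuid, init_secmem, should_warn_insecure_memory) are hypothetical. It also ties the "insecure memory" warning to whether mlock() actually succeeded rather than to how the binary was installed, which is the behaviour the last paragraph asks about.

```c
/* Added example, not GnuPG code: privilege-drop ordering for a locked
 * secure-memory pool.  Linux/POSIX assumed; all names are hypothetical. */
#define _XOPEN_SOURCE 700               /* declares mlock() and setreuid() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define SECMEM_POOL_SIZE 32768          /* same pool size as in the report's log */

static unsigned char secmem_pool[SECMEM_POOL_SIZE];
static int secmem_locked = 0;

/* Try to lock the pool so it is never swapped out.  Needs CAP_IPC_LOCK,
 * setuid-root, or enough RLIMIT_MEMLOCK.  Returns 1 if locked, 0 if not. */
int lock_pool(void)
{
    secmem_locked = (mlock(secmem_pool, sizeof secmem_pool) == 0);
    return secmem_locked;
}

/* Drop any setuid privilege unconditionally, i.e. regardless of whether the
 * binary was built with capabilities support.  Returns 0 when real and
 * effective uid agree afterwards, -1 if the drop failed. */
int drop_setuid(void)
{
    uid_t real = getuid();
    if (geteuid() != real) {
        /* setreuid(real, real) also clears the saved set-user-id for a
         * non-root setuid owner; setuid() is the fallback for root. */
        if (setreuid(real, real) != 0 && setuid(real) != 0)
            return -1;
    }
    return (getuid() == geteuid()) ? 0 : -1;
}

/* The check from g10.c's main(): 1 when it is safe to continue. */
int setuid_privs_dropped(void)
{
    return getuid() == geteuid();
}

/* Initialise secure memory: lock first (may need privilege), then drop the
 * privilege whatever its source.  Returns 1 if the pool is locked, 0 if
 * running with insecure memory, -1 if privileges could not be dropped
 * (the situation in which the original code calls BUG()). */
int init_secmem(void)
{
    int locked = lock_pool();
    if (drop_setuid() != 0)
        return -1;
    if (!setuid_privs_dropped())
        return -1;
    return locked;
}

/* The warning should depend on the pool actually being unlocked, not on
 * whether gpg was installed suid or with capabilities. */
int should_warn_insecure_memory(void)
{
    return !secmem_locked;
}

int main(void)
{
    int status = init_secmem();
    if (status < 0) {
        fprintf(stderr, "bug: still carrying setuid privs after secmem init\n");
        return 1;
    }
    if (should_warn_insecure_memory())
        fprintf(stderr, "Warning: using insecure memory!\n");
    memset(secmem_pool, 0, sizeof secmem_pool);   /* pool is now usable */
    printf("secmem %s, uid=%u euid=%u\n", status ? "locked" : "unlocked",
           (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

Run as an unprivileged user the pool is usually locked if it fits in RLIMIT_MEMLOCK, and the program still reaches the final check with real and effective uid equal; the point is that drop_setuid() runs on every build configuration, so the BUG() path is unreachable whether or not capabilities are in use.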