Bug report: "Ohhhh jeeee" error when GnuPG 1.4.1 installed suid with caps enabled

ddcc at email.com ddcc at email.com
Sat Mar 19 02:48:03 CET 2005


This bug report is related to the problem discussed in these previous messages:


I didn't see any resolution, and I think I've discovered what the problem is, so I'm filing this report.

If you install GnuPG 1.4.1 with capabilities enabled, and suid the binary, when you run gpg, you get the error:

	gpg: Ohhhh jeeee: ... this is a bug (g10.c:1756:main)
	secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

The code that triggers this error is:

	/* There should be no way to get to this spot while still carrying
	   setuid privs.  Just in case, bomb out if we are. */

The code is making sure that suid has been dropped after setting up protected memory. The problem is that in secmem.c, in lock_pool() drops suid only when USE_CAPABILITIES is not enabled. Therefore, if gpg is suid AND capabilities are enabled, then suid never gets dropped.

The function secmem_init() in secmem.c also has the same problem.

One more thing: if capabilities are enabled, then we should NOT get the insecure memory warning, right, even if we don't suid gpg? The warning still gets printed for me though, so can someone fix that?


More information about the Gnupg-devel mailing list