Bug report: "Ohhhh jeeee" error when GnuPG 1.4.1 installed suid with caps enabled

Albrecht Dreß albrecht.dress at arcor.de
Sun Mar 20 22:25:56 CET 2005

On 19.03.05 02:48, ddcc at email.com wrote:
> This bug report is related to the problem discussed in these previous
> messages:
[snipped bug description]

I discovered a similar problem in pinentry, see  

Unfortunately, the list archive seems to have problems dealing with this
message (which is multipart/signed), so FYI here again are the content
and the proposed fix:

On 28.01.05 21:38, Albrecht Dreß wrote:
> Hi all,
> I installed the latest pinentry 0.7.2 tarball on my box and realised  
> that the gtk1 and 2 versions didn't accept them to be SUID root any  
> more. Since the latest release, I upgraded my box from Yellowdog Linux  
> v.3 to v.4 (the latter one is roughly FC 2 for the PowerMac). The only  
> difference is that the "new" system has libcap, whereas it was not
> available with the old one.
> Investigating the problem in more depth, I found that without linking  
> against libcap, setuid() (called in util.c, func drop_priv) will set  
> both the effective and the saved user id to the passed value. When  
> linked against libcap, only the effective uid is reset, but the saved  
> uid remains 0, and thus gtk [12] refuses to start.
> I am not sure if this is the desired behaviour, or a bug in libcap, but  
> I wanted to have pinentry-gtk-2 be suid root again... To this end, the  
> attached patch tries to detect if the function setresuid() is available  
> and uses it if possible. Now the saved uid is also reversed fine.
> System details:
> * PowerMac running Linux 2.6.10
> * glibc 2.3.3
> * gcc 3.3.3
> * libcap-1.10-18.1 rpm
> Opinions?
> Cheers, Albrecht.

-- 
  Albrecht Dreß  -  Johanna-Kirchner-Straße 13  -  D-53123 Bonn (Germany)
        Phone (+49) 228 6199571  -  mailto:albrecht.dress at arcor.de
    GnuPG public key:  http://home.arcor.de/dralbrecht.dress/pubkey.asc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pinentry-setresuid.patch.gz
Type: application/x-gzip
Size: 464 bytes
Desc: not available
Url : /pipermail/attachments/20050320/86af7372/pinentry-setresuid.patch.bin
