Bug report: "Ohhhh jeeee" error when GnuPG 1.4.1 installed suid with caps enabled

ddcc at email.com
Tue Nov 29 09:56:18 CET 2005


Hi,

I pointed out this problem in March, but it's still present in 1.4.2, so I'm bumping this thread, and pointing you guys to a patch at <http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg-caps.interdiff?bug=260803;msg=5;att=1>.

In summary, the problem is that if GnuPG is built with capabilities enabled *AND* the binary is setuid, we get the "Ohhhh jeeee" panic because gnupg drops capabilities but doesn't drop root, so the getuid()!=geteuid() test fails. The patch makes sure it drops root even if capabilities are enabled. (It also cleans up a capabilities context leak.)

Original bug report with full details: <http://lists.gnupg.org/pipermail/gnupg-devel/2005-March/021920.html>.

--David
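
The fix summarized in the message above (give up root on every code path, then confirm that getuid() equals geteuid()), as an added C example. It is not GnuPG's code or the Debian patch; the function name `drop_setuid_privileges` is hypothetical, and Linux semantics for setreuid()/setregid() are assumed.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from GnuPG): permanently give up setuid/setgid
 * privileges and verify the result. Returns 0 on success, -1 on failure.
 * Intended to run on every path, whether or not capabilities are in use. */
int drop_setuid_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: once the UID is dropped the process may no longer be
     * allowed to change its GIDs. */
    if (setregid(rgid, rgid) != 0)
        return -1;

    /* Setting both real and effective UID also resets the saved UID on
     * Linux. Plain setuid() only does that when the caller holds CAP_SETUID;
     * without it, setuid() changes just the effective UID. */
    if (setreuid(ruid, ruid) != 0)
        return -1;

    /* The same test the message refers to: a mismatch here means the
     * process is still running with elevated IDs. */
    if (getuid() != geteuid() || getgid() != getegid())
        return -1;

    /* An unprivileged caller must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;

    return 0;
}

int main(void)
{
    if (drop_setuid_privileges() != 0) {
        fprintf(stderr, "failed to drop privileges\n");
        return 1;
    }
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```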


