gpgme after setuid

Stephan Menzel smenzel at gmx-gmbh.de
Thu Aug 3 12:11:55 CEST 2006


Hi,

I have just discovered a really strange problem using libgpgme inside a 
daemon. This daemon drops root privileges after being started with sudo and 
runs as a special user, let's call him 'nobody'.

gpgme is configured to work for 'nobody'. In his home dir are all the config 
files and gpgsm works well.
And gpgme used to work in the daemon too, but not anymore. I don't know what 
happened, but strace shows me gpgme is looking for gpgsm's config files etc. in 
the homedir of the user who actually started the daemon.

An strace looks like this (user sm started the daemon with sudo here):

[pid 10422] mmap2(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xa7fb6000
[pid 10422] getuid32()                  = 0
[pid 10422] mlock(0xa7fb6000, 16384)    = 0
[pid 10422] open("/home/sm/.gnupg/gpgsm.conf", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
[pid 10422] open("/home/sm/.gnupg/pubring.kbx", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
[pid 10422] open("/home/sm/.gnupg/pubring.kbx", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
[pid 10422] open("/home/sm/.gnupg/pubring.kbx", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 ENOENT (No such file or directory)
[pid 10422] getuid32()                  = 0
[pid 10422] geteuid32()                 = 200
[pid 10422] mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xa7fb4000
[pid 10422] write(2, "gpgsm: error creating keybox `/home/sm/.gnupg/pubring.kbx\': No such file or directory\n", 86) = 86
[pid 10422] write(2, "gpgsm: you may want to start the gpg-agent first\n", 49) = 49
[pid 10422] write(2, "gpgsm: keyblock resource `/home/sm/.gnupg/pubring.kbx\': No such file or directory\n", 82) = 82
[pid 10422] munmap(0xa7fb6000, 16384)   = 0
[pid 10422] munmap(0xa7fb4000, 8192)    = 0
[pid 10422] exit_group(1)               = ?
Process 10422 detached

The strange thing is, if I start the same daemon as 'nobody', it works fine.
Did you change something in the way gpgsm locates its homedir?



Greetings...

Stephan
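
The state visible in the strace above (real uid 0, effective uid 200, configuration looked up under /home/sm) can be checked by the daemon itself after it drops privileges. The following C code is an added example, not part of the original post or of gpgme; the function names are hypothetical, and it assumes the home directory lookup follows the HOME environment variable inherited from the invoking user.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Findings a daemon can report about itself after dropping privileges. */
enum { DROP_REAL_UID_KEPT = 1, DROP_HOME_FOREIGN = 2 };

/* Pure check (hypothetical helper), testable without root. */
int drop_state_problems(uid_t ruid, uid_t euid, const char *home, const char *pw_dir)
{
    int problems = 0;
    if (ruid != euid)                 /* only the effective uid was changed */
        problems |= DROP_REAL_UID_KEPT;
    if (home == NULL || pw_dir == NULL || strcmp(home, pw_dir) != 0)
        problems |= DROP_HOME_FOREIGN; /* HOME is not the service user's home */
    return problems;
}

/* Inspect the running process: call after the drop, before starting gpgsm. */
int audit_current_process(void)
{
    struct passwd *pw = getpwuid(geteuid());
    return drop_state_problems(getuid(), geteuid(), getenv("HOME"),
                               pw ? pw->pw_dir : NULL);
}

/* Point HOME at the effective user's passwd home so child processes inherit it. */
int reset_home_for_effective_user(void)
{
    struct passwd *pw = getpwuid(geteuid());
    if (pw == NULL || pw->pw_dir == NULL)
        return -1;
    return setenv("HOME", pw->pw_dir, 1);
}

int main(void)
{
    int p = audit_current_process();
    const char *home = getenv("HOME");
    if (p & DROP_REAL_UID_KEPT)
        fprintf(stderr, "real uid %ld != effective uid %ld\n",
                (long)getuid(), (long)geteuid());
    if (p & DROP_HOME_FOREIGN)
        fprintf(stderr, "HOME=%s is not the effective user's home\n", home ? home : "(unset)");
    return p ? 1 : 0;
}
```

GnuPG also honours the GNUPGHOME environment variable, which can be set in the same way to the directory that holds the service user's configuration.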

More information about the Gnupg-devel mailing list