corrupt trustdb caused by commandline?
David Shaw
dshaw at jabberwocky.com
Thu May 25 15:58:20 CEST 2006
On Thu, May 25, 2006 at 06:42:45PM +0930, Alphax wrote:
> David Shaw wrote:
> > On Wed, May 24, 2006 at 11:38:17PM -0400, Atom Smasher wrote:
> >> On Tue, 9 May 2006, David Shaw wrote:
> >>
> >>> I'm not sure why you didn't have the problem in 1.4.2. It should happen
> >>> there as well.
> >>>
> >>> Try this patch.
> >> ===================
> >>
> >> took me some time to try this out...
> >>
> >> i tweaked the patch to drop it into
> >> /usr/ports/security/gnupg/files/patch-stdout.reopen.patch (freeBSD ports),
> >> reinstalled gpg and everything is now running smooth.
> >>
> >> so...
> >> * why was closing stdout causing gpg to have problems?
> >
> > It's not a GPG thing, specifically. Closing stdout (or stderr) is
> > actually a pretty dangerous thing to do on *any* program that opens
> > files and also uses printf.
> >
> > Here's an example:
> >
> > fd=open("foo",O_WRONLY,0777);
> > printf("hi there - I'm writing to a file\n");
> > write(fd,"whee",4);
> >
> > Normally, if you run this, you get "hi there" on stdout, and "whee" in
> > the file. Close stdout before you run it, and the open() can end up
> > with fd 1 attached to "foo". When you printf, you'll be printf-ing to
> > "foo" as well, mangling it.
> >
> > If the goal is to squish stdout, you should redirect stdout to
> > /dev/null rather than closing it outright.
> >
> >> * will this patch be incorporated into production?
> >
> > Yes. Already has, actually.
> >
> >> * why was 1.4.2 not having problems with this?
> >
> > Luck? I'm honestly not sure - the code in 1.4.2 and 1.4.3 here is
> > nearly identical.
> >
>
> Well, I've experienced this problem before - mainly when CTRL+C-ing an
> operation that's acting on the keyring and/or the trustdb. Not much fun
> to recover from.
Terminating a process acting on the keyring should not cause this
unless you are closing stdout or stderr.
David
More information about the Gnupg-devel
mailing list