GnuPG exploit [Fwd: Possible problem with GnuPG 1.0.6]

David Shaw dshaw@jabberwocky.com
Mon Dec 31 20:48:01 2001 

--EuxKj2iCbKjpUGkD
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Dec 31, 2001 at 12:20:15PM +0100, Philipp G=FChring wrote:

> > This is unrelated to gpg being setuid or not.  It is also somewhat
> > unrelated to gpg - *any* setgid program that can write to a file can
> > write to a group-writable file with the same group.
>=20
> Sure *any* setgid program can write to that. But should gpg do it?
>=20
> Aren't the checks for effective rights there to handle that?

Of course not.  GnuPG is not supposed to be installed setgid.  Nowhere
in the installation is it made setgid.  In fact, in the installation
it is made explicitly NOT setgid.

If after all that, the user still goes ahead and makes it setgid, then
that is not a problem in GnuPG.  GnuPG cannot prevent the user from
doing something stupid.

Would you consider it a bug in "cat" if it was installed setgid?  It's
the same issue.

The bug here was in the Mandrake installer which installed GnuPG
setgid.  The Mandrake people fixed the installation bug.  Problem
solved.

> If GnuPG wants to be setuid root, than it has to be developped to be safe=
 in=20
> that way.

It is safe when setuid root.  You are confusing setuid and setgid.

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------=
-+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

--EuxKj2iCbKjpUGkD
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6d-cvs (GNU/Linux)

iQEVAwUBPDDAdIccwqs8s7QVAQFhcwf+ILBP0HQYBv/jqQPRurkX7TmHj3Wp2TIU
rFXVxt091O5lS36ExwrRmpkK67QolXTe6H5YL9TensQbCnZ9SSM6MbJCQwRBW12D
umcwmK80CPZiOlNa7Sp8O3n8qR346wgCYpnYbHCVypG9GTCpXA8376lTwkCoA8qr
Js7p/PtVQSIuMfKmrUMv00oOzln5cQlhPd8W6hllai4+JXFxkts0QdkaTmcPD0cR
y8Ua9KJFvUn/IG8PagLQkFqIiRree80gZ9SaPMxg5ux3C6NbA+HetDmsyyGuFBVP
8oAMjif6XiDjuAVQeJstUiulXiPABE9CVO3jWE9YU0P2a3yYoA1e5g==
=N43j
-----END PGP SIGNATURE-----

--EuxKj2iCbKjpUGkD--