gpg setuid access error
Bernard
bht@actrix.gen.nz
Tue Jun 5 00:58:01 2001
Hi all, I am lost and I need help.
The gpg program version gnupg-1.0.6-1.i586.rpm, which I installed as
setuid(root) on Redhat Linux 7, fails to access the files of the
caller when permissions are set as specified.
What am I missing? Is this a bug?
Background (refer to gpg.man as in the Windows distribution with the
same version):
BUGS
On many systems this program should be installed as
setuid(root). This is necessary to lock memory pages.
Locking memory pages prevents the operating system from
writing memory pages to disk. If you get no warning
message about insecure memory your operating system
supports locking without being root. The program drops
root privileges as soon as locked memory is allocated.
I executed as root:
chmod u+s /usr/bin/gpg
Then I logged on as another user ("foo") and issued the following
command:
gpg --keyring /home/foo/.gnupg/pubring.pgp --always-trust -r recipient@somedomain.com -a -e
The errors I get are:
gpg: /home/foo/.gnupgp/secring.gpg: can't create keyring: Permission denied
gpg: keyblock resource '/home/foo/.gnupgp/secring.gpg': file open error
... more errors
All /home/foo/.gpg/* files are owned by foo!
permissions of
/home/foo/.gnupgp/secring.gpg
are:
-rw------- 1 foo foo ...
When I change the permission of the binary back with:
chmod u-s /usr/bin/gpg
then I get the expected warning:
Warning: using insecure memory!
but the program otherwise works as expected.
Note:
The gpg command as above expects clear text input from stdin
(console), which has to be terminated with [Ctrl+D] on Linux.
Any help is highly appreciated.
Bernard
bht@actrix.gen.nz
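
The mechanism in the man page excerpt quoted above (lock memory pages while root, then drop root privileges), shown as an added C example. It is not part of the original post and is not GnuPG's code; the function names `alloc_secure_pool` and `drop_privileges` and the 4096-byte pool size are assumptions, and the warning string is the one quoted in the post.

```c
/* Added illustration, not GnuPG source; function names are hypothetical. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Map len bytes and try to pin them in RAM; *locked = 1 if mlock() worked. */
void *alloc_secure_pool(size_t len, int *locked)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    *locked = (mlock(p, len) == 0);   /* fails without root or RLIMIT_MEMLOCK */
    return p;
}

/* Permanently return to the invoking user. 0 on success, -1 otherwise. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)   /* group first, then user */
        return -1;
    /* A caller who is not really root must be unable to get euid 0 back. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    int locked = 0;
    void *pool = alloc_secure_pool(4096, &locked);   /* only step needing root */
    if (pool == NULL || drop_privileges() != 0) {    /* before any file access */
        fprintf(stderr, "setup failed\n");
        return 1;
    }
    if (!locked)
        fprintf(stderr, "Warning: using insecure memory!\n");
    printf("uid=%d euid=%d locked=%d\n", (int)getuid(), (int)geteuid(), locked);
    memset(pool, 0, 4096);                           /* clear pool before unmapping */
    munmap(pool, 4096);                              /* unmapping also unlocks */
    return 0;
}
```

After `drop_privileges()` returns 0, every later file open is checked against the invoking user's uid and gid, so printing `uid` and `euid` at that point shows which identity the process is using for keyring access.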