False insecure memory warnings...

gabriel rosenkoetter gr@eclipsed.net
Fri Apr 4 17:56:01 2003


On Thu, Apr 03, 2003 at 04:40:52PM -0500, David Shaw wrote:
> I've seen this a few times before.  Check to make sure that there
> isn't another copy of gpg somewhere, and the gpg that cron is running
> is the same one that you're running from the shell.

I *knew* I forgot to tack some reporting onto that email. I'd run
this in a separate screened session, forgot to grab it and dump it
in the email:

uriel:~# id
uid=0(root) gid=0(wheel) groups=0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),30(web),31(guest),1000(pgsql)
uriel:~# find / -name gpg
/usr/pkg/bin/gpg
/usr/pkgsrc/security/gnupg/work/gnupg-1.2.1/g10/gpg
/home/gr/tmp/gpg
uriel:~#

Neither of those alternates are likely places for PATH to catch...

And, in any case, here's the full cron report, including exactly
what PATH it was using:

From root@eclipsed.net  Fri Apr  4 08:00:39 2003
Return-Path: <root@eclipsed.net>
Delivered-To: gr@eclipsed.net
Received: by uriel.eclipsed.net (Postfix, from userid 0)
        id 1F1EA49702; Fri,  4 Apr 2003 08:00:38 -0500 (EST)
From: root@eclipsed.net (Cron Daemon)
To: gr@eclipsed.net
Subject: Cron <gr@uriel> zsh -c 'time gpg --no --batch --check-trustdb'
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/home/gr>
X-Cron-Env: <PATH=/usr/bin:/bin:/usr/pkg/bin:/usr/local/bin>
X-Cron-Env: <LOGNAME=gr>
X-Cron-Env: <USER=gr>
Message-Id: <20030404130038.1F1EA49702@uriel.eclipsed.net>
Date: Fri,  4 Apr 2003 08:00:38 -0500 (EST)
X-Spam-Status: No, hits=-0.5 required=4.1
tests=CRON_ENV,SPAM_PHRASE_02_03
+version=2.44
X-Spam-Level:

gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information

gpg: checking at depth 0 signed=49 ot(-/q/n/m/f/u)=0/0/0/0/0/1
gpg: checking at depth 1 signed=82 ot(-/q/n/m/f/u)=0/0/0/19/30/0
gpg: checking at depth 2 signed=287 ot(-/q/n/m/f/u)=1/0/0/69/5/0
gpg: checking at depth 3 signed=178 ot(-/q/n/m/f/u)=1/74/0/21/0/0
gpg: next trustdb check due at 2003-04-16
gpg --no --batch --check-trustdb  15.32s user 10.38s system 69% cpu 37.171 total

So I really am sure that it really is using exactly the same gpg I
call from the command line. If there's really still doubt as to
that, I'm glad to specify a full path, but I sincerely doubt that
doing so will change this. But, hey, what the hell. Let's find out!

Just tossed this in:

45 10 * * 1-5 zsh -c 'time /usr/pkg/bin/gpg --no --batch --check-trustdb'

And here's the full output (without the full headers this time):

From: root@eclipsed.net (Cron Daemon)
Subject: Cron <gr@uriel> zsh -c 'time /usr/pkg/bin/gpg --no --batch --check-trustdb'
Date: Fri,  4 Apr 2003 10:45:03 -0500 (EST)
To: gr@eclipsed.net
Delivered-To: gr@eclipsed.net
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/home/gr>
X-Cron-Env: <PATH=/usr/bin:/bin:/usr/pkg/bin:/usr/local/bin>
X-Cron-Env: <LOGNAME=gr>
X-Cron-Env: <USER=gr>
X-Spam-Status: No, hits=-0.5 required=4.1 tests=CRON_ENV,SPAM_PHRASE_02_03 version=2.44
X-Spam-Level:

gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: next trustdb check due at 2003-04-16
/usr/pkg/bin/gpg --no --batch --check-trustdb  0.10s user 0.23s system 10% cpu 3.040 total

And, just so it's totally crystal clear, here's this again:

uriel:~# ls -lF /usr/pkg/bin/gpg
-r-sr-xr-x  1 root  wheel  684660 Feb 27 07:27 /usr/pkg/bin/gpg*

As to not specifying full paths... I make a living as a Unix systems
administrator. I really do know when it's okay, I promise. :^>

So then. Is there *any* way that this is a problem with gpg, or is
it time for me to go digging in just what the hell NetBSD's crond is
doing with euids?

-- 
gabriel rosenkoetter
gr@eclipsed.net
