[Fwd: perl EUID change causing failure]

Jonathan Rockway jon at jrock.us
Tue Aug 1 00:09:47 CEST 2006


Might I suggest using a pre-implemented perl solution?

Crypt::OpenPGP:
http://search.cpan.org/~btrott/Crypt-OpenPGP-1.03/lib/Crypt/OpenPGP.pm
GnuPG::Interface: http://search.cpan.org/~ftobin/GnuPG-Interface-0.33/

And also, GPG, Mail::GPG, Crypt::GPG, or Mail::GnuPG.

http://search.cpan.org/search?query=gpg&mode=all

In other words, other people have already worked out the details, so why
not try one of those modules before fighting with something that's not
really worth your time?

Regards,
Jonathan Rockway


Marcel Chastain - Security Administration wrote:
> I have a perl wrapper around gpg for use within a web app. It changes
> its 'EUID' (Effective UserID) early in the script.
> From there, it attempts to run
> /usr/local/bin/gpg --list-public-keys
>
> My test script:
> #!/usr/bin/perl
> $ENV{'GNUPGHOME'} = '/home/username/.gnupg';
> my $uid = getpwnam("username");
> $> = $uid;
> print `/usr/local/bin/gpg --list-public-keys`;
>
> The output:
> gpg: Ohhhh jeeee: ... this is a bug (gpg.c:1880:main)
> secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
>
> (replace the word 'username' with a user on your system for testing
> purposes)
> Now, this *only* happens when setting the EUID. I can set the
> RealUID($<) and things work perfectly.
>
> Does this have something to do with the code updates mentioned in the
> "What's New" section..? (
> http://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000226.html )
>
>     User IDs are now capped at 2048 bytes.  This avoids a memory
>     allocation attack (see CVE-2006-3082).
>
> Running gnupg 1.4.4 compiled from ports, freebsd 4.11-STABLE .
>
>
>
> ------------------------------------------------------------------------
>
> Subject:
> perl EUID change causing failure
> From:
> Marcel Chastain - Security Administration <mchastain at ipowerweb.com>
> Date:
> Wed, 26 Jul 2006 16:26:48 -0700
> To:
> gnupg-devel at gnupg.org
>
> To:
> gnupg-devel at gnupg.org
>
>
> I have a perl wrapper around gpg for use within our company's internal
> control panel. It changes its 'EUID' (Effective UserID) early in the
> script.
> From there, it attempts to run
> /usr/local/bin/gpg --list-public-keys
>
> My test script:
> #!/usr/bin/perl
> $ENV{'GNUPGHOME'} = '/home/username/.gnupg';
> my $uid = getpwnam("username");
> $> = $uid;
> print `/usr/local/bin/gpg --list-public-keys`;
>
> The output:
> gpg: Ohhhh jeeee: ... this is a bug (gpg.c:1880:main)
> secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
>
> (replace the word 'username' with a user on your system for testing
> purposes)
> Now, this *only* happens when setting the EUID. I can set the RealUID
> and things work perfectly.
>
> Running gnupg 1.4.4 compiled from ports, freebsd 4.11-STABLE .
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>   




More information about the Gnupg-users mailing list