[Fwd: perl EUID change causing failure]
David Shaw
dshaw at jabberwocky.com
Tue Aug 1 04:37:08 CEST 2006

On Mon, Jul 31, 2006 at 05:21:44PM -0700, Marcel Chastain - Security Administration wrote:
> Yeah, I already have a workaround in place, I just wanted to report it
> to the community/developers. This is a new bug, and I think they'd be
> interested in why it's happening... Perhaps the gnupg-devel mailing list
> would be better..?

This is not a bug, and it certainly isn't new behavior. GnuPG will
not run if the euid does not match the uid. On a number of platforms,
GnuPG is installed setuid root so it can grab locked/unswappable
memory. Once it has allocated a block of memory, it drops root privs.
To prevent any chance of an attacker fooling the system into letting
it keep root privs, it will halt if euid!=uid.

David
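
The startup order described in the reply above (lock memory while privileged, drop root, refuse to continue if euid != uid), sketched in C as an added example that is not part of the original message and is not GnuPG's source. The names `check_ids` and `secure_startup` are hypothetical, and treating an `mlock` failure as non-fatal is an assumption of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Halt condition from the message: effective uid must equal real uid. */
static int check_ids(uid_t ruid, uid_t euid)
{
    return ruid == euid ? 0 : -1;
}

/* Hypothetical helper: allocate `pages` pages, try to lock them against
 * swap while any setuid-root privilege is still held, then drop it.
 * Returns 0 on success, -1 if the process must not continue. */
static int secure_startup(void **buf, size_t pages, int *locked)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uid_t ruid = getuid();

    *locked = 0;
    *buf = aligned_alloc(page, pages * page);
    if (*buf == NULL)
        return -1;
    /* Without root, mlock can fail (RLIMIT_MEMLOCK); record it, go on. */
    *locked = (mlock(*buf, pages * page) == 0);

    /* With euid 0 this sets real, effective and saved uid: no way back. */
    if (setuid(ruid) != 0)
        return -1;
    /* A non-root caller must not be able to regain root after the drop. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return check_ids(getuid(), geteuid());
}

int main(void)
{
    void *pool;
    int locked;

    if (secure_startup(&pool, 1, &locked) != 0) {
        fputs("privilege drop failed or euid != uid, halting\n", stderr);
        return 2;
    }
    printf("pool=%p locked=%d uid=%d euid=%d\n",
           pool, locked, (int)getuid(), (int)geteuid());
    return 0;
}
```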