[Fwd: perl EUID change causing failure]
Marcel Chastain - Security Administration
mchastain at ipowerweb.com
Tue Aug 1 20:30:14 CEST 2006
David Shaw wrote:
> On Mon, Jul 31, 2006 at 05:21:44PM -0700, Marcel Chastain - Security
> Administration wrote:
>> Yeah, I already have a workaround in place, I just wanted to report
>> it to the community/developers. This is a new bug, and I think they'd
>> be interested in why it's happening... Perhaps the gnupg-devel
>> mailing list would be better..?
> This is not a bug, and it certainly isn't new behavior. GnuPG will
> not run if the euid does not match the uid. On a number of platforms,
> GnuPG is installed setuid root so it can grab locked/unswappable
> memory. Once it has allocated a block of memory, it drops root privs.
> To prevent any chance of an attacker fooling the system into letting
> it keep root privs, it will halt if euid!=uid.
This is certainly a dirty/harsh/feng-shui-less way of failing/exiting. I
would expect a normal internal check, and an appropriate error message
if this sort of thing is expected, i.e. "Security Violation" or
something similar. I mean, if you change the behavior of a program to
disallow a certain condition, you test for that condition and exit
properly, right..? Perhaps I'm gullible, but when a program tells me
"Ohhhh jeeeee: ... this is a bug"
I tend to think that it is a bug.
But you are right, the program probably thinks that it is being tricked
into keeping root privileges, hence the harsh failure and funky message.
Thanks for your help. ;-)
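The allocate-then-drop sequence David Shaw describes, with the explicit check and named error Marcel asks for, as an added C example; it is not GnuPG's code and not part of the original thread. The function names, `POOL_SIZE` and the message strings are hypothetical.

```c
#define _DEFAULT_SOURCE            /* MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#define POOL_SIZE 16384            /* constructed size for this example */

/* Map a pool and try to pin it in RAM; *locked reports whether mlock() worked. */
void *alloc_locked_pool(size_t len, int *locked)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    *locked = (mlock(p, len) == 0);
    return p;
}

/* Return NULL if the IDs are safe to continue with, else a message saying why not. */
const char *privs_error(uid_t ruid, uid_t euid, int root_regained)
{
    if (euid != ruid)
        return "security violation: effective uid differs from real uid";
    if (ruid != 0 && root_regained)
        return "security violation: root privileges were not dropped";
    return NULL;
}

/* Permanently drop setuid privileges, then verify a non-root caller cannot regain root. */
const char *drop_privs(void)
{
    uid_t ruid = getuid();
    if (setuid(ruid) != 0)
        return "security violation: setuid() to the real uid failed";
    int regained = (ruid != 0 && setuid(0) == 0);
    return privs_error(ruid, geteuid(), regained);
}

int main(void)
{
    int locked = 0;
    void *pool = alloc_locked_pool(POOL_SIZE, &locked);  /* while still privileged */
    const char *err = pool ? drop_privs() : "cannot allocate pool";
    if (err) {
        fprintf(stderr, "%s\n", err);
        return 2;
    }
    printf("pool %s, uid %ld\n", locked ? "locked" : "unlocked", (long)getuid());
    return 0;
}
```

Without privilege, `mlock()` may be refused by the locked-memory resource limit; the example reports that as "unlocked" and continues rather than aborting.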