Should gpg try to connect to TCP/993?
Bjarni Runar Einarsson
bre at pagekite.net
Wed Oct 23 15:12:17 CEST 2019
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Mikhail,
What follows is an educated guess, but only a guess...
Mikhail Morfikov via Gnupg-users <gnupg-users at gnupg.org> wrote:
> gpg wants to connect to the network, but it looks like it wants
> also TCP/993 (IMAPS). This happens when I use Thunderbird as a
> mail clinet + Enigmail extension, which make some use of gpg.
...
> doesn't show anything that points to gpg. When I prevent gpg
> from connecting to this port, I can't access my mail account in
> Thunderbird -- it just tries to refresh the inbox, but it just
> stalls. When I restart Thunderbird at this point, then
> everything backs to normal, and I don't see any drops in OUTPUT
> traffic. Could anyone explain what's going on here?
The way processes are spawned on Unix, fork()/exec() will by
default inherit open file descriptors. Thunderbird/Enigmail will
fork()/exec() to launch gpg.
Each active TCP/IP connection has an open file descriptor. So, if
Enigmail's gpg launcher hasn't taken care to close unneeded file
descriptors after fork() and before exec(), gpg will inherit the
connections Thunderbird had open at the time of invocation.
Since gpg doesn't actually know anything about these connections,
it likely won't close them, they'll stay open (potentially even
after Thunderbird has closed them, although that doesn't match
all the symptoms you've described).
If your firewall then sends RST packets to close connections
which gpg isn't supposed to be making, it will actually be
shutting down the connections Thunderbird was using and you won't
be able to access your mail.
(This scenario matches what you have described, but I haven't
reproduced your problem to verify it is indeed the case.)
Hope this helps!
- Bjarni
- --
PageKite.net lets your personal computer be part of the web
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEETBSz4pzXkOHlSFMhjgA3FgDPlJEFAl2wUdYACgkQjgA3FgDP
lJH11ggAk3SujXyDYqzLdDkbDksZwkdZEE5fhMPfukMGrs6/N2L08yzUxKYTx9v4
QdTY5BmUVl2sG21eUY+y90Y0YK3lpHJNrfe9Rrw5QnHXjB4B1fuzQCuUfwVv3YGt
kHtj95clWgHsWWqIh5AWnt4LDk4inZ6+SVhj0k49eyea3GIelL/iJxxQ9wFjbPVY
sbxiUP83qtTgKDVW98rneVS8mgJ6/d0Qf+RQFRmR3E+6RYPDo0FoNhpKGodTN4BO
Ph+GuwuHBu0o7cjxdsgNdFY8v1GgcpQOtJ9gbZs5ysBeG4nrejxwK1EFbiAh+YX/
cZTfoE7/g0PJ877299r5C1uPAUTXHg==
=5yoS
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list