[gpg-agent] Empty OPTION xauthority=
Werner Koch
wk at gnupg.org
Mon Mar 4 09:13:14 CET 2024
On Sun, 3 Mar 2024 20:38, Matěj Cepl said:
> 1. Could you please explain why it is racy? Why from all services
Because all components of gnupg will start gpg-agent and the other
daemons on the fly and make sure that only one is started. Systemd
does not know about this specific start mechanism and thus you might see
two daemon processes for some time until their self-check detects this
situation. In most cases this is just annoying but it may very well
happen that the two processes receive different information and are not
able to properly handle the caching. With smartcards you may also run
into lockups because only one process may hold access to a smartcard.
With keyboxd we even didn't implement the systemd start thingy because
keyboxd acquires a process lifetime lock on the database and thus a
second process won't be able to get that lock and will time out after some
time.
> 2. When running on MicroOS system (or Fedora Atomic) how could
> you guarantee that there is only one gpg-agent and gpg
> doesn't try to run it inside of a container, thus making it
I have no idea what this is about. In case you need to play interesting
games with the sockets, the gpgconf.ctl mechanism might be helpful.
Using no-autostart in the common.conf might be useful. We use it always
when running a remote gpg.
> What? You know there is a vulnerability in gpg (actually,
> couldn't the particularly modified environment be abused for some
Please read again what I wrote: An empty string for the value is simply
invalid syntax. That is different from not giving a value which is
specified as removing the envvar (cf. "" vs. NULL).
> I have Wayland-only system (based on sway), so whole XAUTH*
> variables are nonsensical here.
Others might be:
$ gpg-connect-agent 'getinfo std_env_names' /bye
D GPG_TTY
D TERM
D DISPLAY
D XAUTHORITY
D XMODIFIERS
D WAYLAND_DISPLAY
D XDG_SESSION_TYPE
D QT_QPA_PLATFORM
D GTK_IM_MODULE
D DBUS_SESSION_BUS_ADDRESS
D QT_IM_MODULE
D INSIDE_EMACS
D PINENTRY_USER_DATA
D PINENTRY_GEOM_HINT
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
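The "" vs. NULL distinction from the reply above, as an added example that is neither part of the original message nor GnuPG's own code: a small Python model of how an Assuan OPTION line updates the session environment an agent hands to pinentry, where an empty value is a syntax error and a missing value removes the variable. It assumes, for brevity, that the variable name is simply the upper-cased option key; the real agent maps keys such as ttyname/ttytype to GPG_TTY/TERM itself.

```python
# Added example, not Werner's code and not GnuPG's implementation: a model
# of "OPTION <key>[=<value>]" handling with the semantics the message states.
# "OPTION xauthority=" (empty value) is rejected as syntax, while
# "OPTION xauthority" (no "=") means "remove the variable" (the NULL case).
# Assumption: variable name == upper-cased option key (simplification).

# Output of `gpg-connect-agent 'getinfo std_env_names' /bye` from the message.
STD_ENV_NAMES = frozenset([
    "GPG_TTY", "TERM", "DISPLAY", "XAUTHORITY", "XMODIFIERS",
    "WAYLAND_DISPLAY", "XDG_SESSION_TYPE", "QT_QPA_PLATFORM",
    "GTK_IM_MODULE", "DBUS_SESSION_BUS_ADDRESS", "QT_IM_MODULE",
    "INSIDE_EMACS", "PINENTRY_USER_DATA", "PINENTRY_GEOM_HINT",
])


class AssuanSyntaxError(ValueError):
    """Where a real agent answers 'ERR ... Assuan syntax error'."""


def parse_option_line(line):
    """Return (key, value) for 'OPTION key[=value]'; value is None if no '='."""
    cmd, _, arg = line.strip().partition(" ")
    if cmd != "OPTION":
        raise AssuanSyntaxError("not an OPTION command")
    arg = arg.strip()
    if not arg:
        raise AssuanSyntaxError("argument required")
    if arg.startswith("="):
        raise AssuanSyntaxError("no option name given")
    key, sep, value = arg.partition("=")
    if not sep:
        return key.strip(), None          # NULL: remove the variable
    value = value.strip()
    if not value:                         # "" is not a legal value
        raise AssuanSyntaxError("option argument expected")
    return key.strip(), value


def handle_option(session_env, line):
    """Apply one OPTION line to session_env; return an Assuan-style reply."""
    try:
        key, value = parse_option_line(line)
    except AssuanSyntaxError as e:
        return f"ERR syntax: {e}"
    name = key.upper()
    if name not in STD_ENV_NAMES:
        return f"ERR unknown option {key}"
    if value is None:
        session_env.pop(name, None)       # variable is absent, not set to ""
    else:
        session_env[name] = value
    return "OK"
```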