[PATCH] Fix curses running as root on tty of other user

Werner Koch wk at gnupg.org
Thu Feb 17 18:38:16 CET 2011


On Tue, 15 Feb 2011 15:12, sochotnicky at redhat.com said:
> I have recently received a bug report where running pinentry as root
> with tty set was failing. After some strac-ing, I found the culprit in
> the dialog_run function inside pinentry-curses.c. It tries to open the
> current tty if it is set, but it fails because pinentry removes all
> capabilities except ipc_lock.

Capabilities?  Hmmm, I just checked and figured that there is use
enabled by default.  The code is more than 10 years old and I was not
aware that it still works.  For about the same time there is no need for
capabilities because at least Linux allows to mlock a few packages
without running under uid 0 (or with the respective capability).

The fix is to configure --without-libcap to disable the whole code and
best remove the code completely and update the secmem code to the one
used today by Libgcrypt or gpg 1.4.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
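
The point made in the reply above, that Linux lets a process mlock a small amount of memory without uid 0 or CAP_IPC_LOCK, shown as an added example (not code from this thread, pinentry or Libgcrypt). The pool size SECRET_LEN and all function names are assumptions chosen for illustration.

```c
/* Added example, not pinentry or Libgcrypt code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

#define SECRET_LEN 4096                 /* assumed size of the secret pool */
static unsigned char secret_pool[SECRET_LEN];

enum lock_result { LOCKED, OVER_LIMIT, LOCK_FAILED };

/* The pool may straddle a page boundary, so budget one extra page. */
static int fits_memlock_limit(size_t len, size_t page, rlim_t soft)
{
    return soft == RLIM_INFINITY || (rlim_t)(len + page) <= soft;
}

/* Lock the pool using only the unprivileged RLIMIT_MEMLOCK allowance,
   use it, wipe it, unlock it. errno is set when mlock() itself fails. */
static enum lock_result with_locked_secret(void)
{
    struct rlimit rl;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);

    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return LOCK_FAILED;
    if (!fits_memlock_limit(SECRET_LEN, page, rl.rlim_cur))
        return OVER_LIMIT;              /* never fall back to uid 0 or caps */
    if (mlock(secret_pool, SECRET_LEN) != 0)
        return LOCK_FAILED;

    memset(secret_pool, 0xA5, SECRET_LEN);      /* stand-in for a passphrase */
    volatile unsigned char *v = secret_pool;    /* wipe the compiler keeps */
    for (size_t i = 0; i < SECRET_LEN; i++)
        v[i] = 0;
    munlock(secret_pool, SECRET_LEN);
    return LOCKED;
}

int main(void)
{
    static const char *names[] = { "locked", "over RLIMIT_MEMLOCK", "failed" };
    enum lock_result r = with_locked_secret();

    printf("uid %ld: %s", (long)geteuid(), names[r]);
    if (r == LOCK_FAILED)
        printf(" (%s)", strerror(errno));
    putchar('\n');
    return r == LOCKED ? 0 : 1;
}
```

Running it as an ordinary user with the default `ulimit -l` shows the lock succeeding with no capability handling at all.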



