[buildd-tools-devel] [Bug 486944] Re: Different permission denied errors

Roger Leigh rleigh at codelibre.net
Sun Mar 7 14:43:09 UTC 2010


On Sun, Mar 07, 2010 at 02:57:23PM +0100, Andreas Metzler wrote:
> On 2010-03-07 Roger Leigh <rleigh at codelibre.net> wrote:
> > [GnuTLS maintainers: I'd appreciate some input on this regarding gcrypt
> > dropping root privs inappropriately, which causes massive breakage]
> 
> > original report came from https://bugs.launchpad.net/ubuntu/+source/schroot/+bug/486944
> 
> > On Sun, Mar 07, 2010 at 10:57:44AM +1100, Brian May wrote:
> [...]
> > at which point we go into libgcrypt and then the buggy setuid call
> > comes from lock_pool in src/secmem.c:
> [...]
> 
> Hello,
> This seems to be basically the same issue as
> <http://bugs.debian.org/566351> which was forwarded upstream and ended
> with <http://mid.gmane.org/878wbju9is.fsf@vigenere.g10code.de>.
> 
> Also note that <http://bugs.debian.org/543941> makes gcrypt less than
> optimal for nsswitch/pam-modules.

Thanks for the references, which made interesting reading.  After
reading them, I have to say I'm still of the opinion that libgcrypt
is buggy here--it just shouldn't be dropping root privs as a side
effect; that should be the responsibility of the caller.  I
understand libgcrypt was written primarily for GnuPG, but really the
priv dropping should be in the gnupg binary, not the library since
the privileges are process/program-dependent, not library-dependent.
i.e. it's making security policy decisions on my behalf which is
overreaching its responsibilities.  Having this functionality
enabled via a configurable parameter e.g. function argument is
fair enough, but mandatory dropping is just too much.

The other issues WRT dlopening not being supported are also worrying,
especially given that it's so trivial to add
"__attribute__((destructor))" to a cleanup function.

Unsure whose responsibility this bug really is.  I'm just a PAM
user, and this behaviour is all down to systems using libpam_ldap/
libnss-ldap hitting the above weird behaviour.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
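
The side effect discussed in this message, seen from the caller's side, as an added example (not code from schroot, libgcrypt or anyone in this thread): a guard that snapshots the process's real and effective IDs around a call into a library and reports which ones the callee changed. All names are hypothetical, the callee is a constructed stand-in, and saved IDs are not covered.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names; not part of any library discussed in the thread. */
enum { CRED_RUID = 1, CRED_EUID = 2, CRED_RGID = 4, CRED_EGID = 8 };

struct cred_snapshot { uid_t ruid, euid; gid_t rgid, egid; };

static struct cred_snapshot cred_take(void)
{
    struct cred_snapshot s = { getuid(), geteuid(), getgid(), getegid() };
    return s;
}

/* Bitmask of the fields that differ between two snapshots (0 = unchanged). */
static int cred_diff(const struct cred_snapshot *a, const struct cred_snapshot *b)
{
    int mask = 0;
    if (a->ruid != b->ruid) mask |= CRED_RUID;
    if (a->euid != b->euid) mask |= CRED_EUID;
    if (a->rgid != b->rgid) mask |= CRED_RGID;
    if (a->egid != b->egid) mask |= CRED_EGID;
    return mask;
}

/* Run fn(arg) and return the bitmask of IDs it changed as a side effect. */
static int cred_guarded_call(void (*fn)(void *), void *arg)
{
    struct cred_snapshot before = cred_take();
    fn(arg);
    struct cred_snapshot after = cred_take();
    int changed = cred_diff(&before, &after);
    if (changed)
        fprintf(stderr, "callee changed credentials: euid %ld -> %ld (mask 0x%x)\n",
                (long)before.euid, (long)after.euid, (unsigned)changed);
    return changed;
}

/* Constructed stand-in for a library entry point that leaves the IDs alone. */
static void well_behaved_init(void *arg) { (void)arg; }

int main(void)
{
    int changed = cred_guarded_call(well_behaved_init, NULL);
    printf("mask after call: 0x%x\n", (unsigned)changed);
    return changed ? 1 : 0;
}
```

A setuid program would wrap its first call into the PAM/NSS stack this way and treat a non-zero mask as a fatal error before it attempts any operation that still needs root.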