[pkg-gnupg-maint] Bug#835629: Bug#835629: gnupg2: “unsafe ownership” is based on uid instead of euid

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Aug 30 08:16:38 UTC 2016


Control: done 835629

On Sat 2016-08-27 14:25:50 -0400, Valentin Lorentz wrote:

> When running gnupg2 from an executable with a SUID, gnupg2 wrongly warns
> about “unsafe ownership on homedir”.

well, right.  this is a pretty non-standard way to run gpg, and it seems
likely that there's a way to get to arbitrary code execution as the
setuid user even from something simple like this:

> Here is how to reproduce the bug:
>
>  val@particle:/tmp $ cat foo.c
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
>
> void main(int argc, char* argv[]) {
>     system("gpg2 --list-secret-keys --homedir=/home/dev-misc/.gnupg");
> }
>
>  val@particle:/tmp $ sudo gcc foo.c && sudo chown dev-misc:dev-misc a.out && sudo chmod u+s a.out

so i think the warning is pretty appropriate, and i'm closing the bug to
reflect that.

if you really think there's a good use case for this, feel free to
reopen this bug report (or ask me to reopen it here) and explain what
you think the use case is.

Is the goal to allow the use of specific secret keys?  if so, maybe what
you really want is a forwarded gpg-agent or something?

    --dkg
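
The uid/euid mismatch in the bug title, as an added example that is not part of the message above and is not GnuPG's own code: a simplified homedir ownership and permission check, run once against the real uid and once against the effective uid. The function names, result flags and the uids 1000 (invoking user) and 1001 (setuid owner) are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result flags for the check (hypothetical names, not GnuPG's). */
enum { HOMEDIR_OK = 0, HOMEDIR_BAD_OWNER = 1, HOMEDIR_BAD_PERMS = 2, HOMEDIR_UNUSABLE = 4 };

/* Judge a directory's mode and owner against the uid doing the checking. */
int judge_homedir(mode_t mode, uid_t owner, uid_t checker)
{
    int result = HOMEDIR_OK;
    if (owner != checker)
        result |= HOMEDIR_BAD_OWNER;   /* someone else controls the directory */
    if (mode & (S_IRWXG | S_IRWXO))
        result |= HOMEDIR_BAD_PERMS;   /* group or other has some access */
    return result;
}

/* stat() a real path and judge it against the given uid. */
int check_homedir(const char *path, uid_t checker)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return HOMEDIR_UNUSABLE;
    return judge_homedir(st.st_mode, st.st_uid, checker);
}

/* Constructed scenario: homedir is mode 0700 and owned by uid 1001, the
 * owner of the setuid binary; the invoking user has real uid 1000. */
int simulated_check(uid_t checker)
{
    return judge_homedir(0700, 1001, checker);
}

int main(void)
{
    printf("real uid %d, effective uid %d\n", (int)getuid(), (int)geteuid());
    printf("constructed homedir vs real uid 1000:      %d\n", simulated_check(1000));
    printf("constructed homedir vs effective uid 1001: %d\n", simulated_check(1001));
    const char *home = getenv("GNUPGHOME");   /* optional real directory */
    if (home)
        printf("%s vs uid: %d, vs euid: %d\n", home,
               check_homedir(home, getuid()), check_homedir(home, geteuid()));
    return 0;
}
```

Under a setuid wrapper the real uid stays that of the invoking user, so a check keyed on `getuid()` reports a foreign owner for a directory that belongs to the effective uid.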