[Pkg-gnupg-maint] Bug#773716: Should show requesting process PID/command as part of the pinentry text

Yuri D'Elia wavexx at thregr.org
Mon Dec 22 15:07:44 UTC 2014


Package: gnupg-agent
Version: 2.1.1-1
Severity: normal

I'm using gnupg-agent for both GPG and SSH key management. As a result, I'm
often prompted for unlocking a secret key.

The problem however is that I sometimes have *no* idea which process is
prompting me, never mind understanding "why".

To give you a bad example, imagine using sshfs to mount some paths over the
network. A GUI application tries to readdir() a network path, typically due to
the "recent" open/save dialog handling, or worse yet during the population of
the "Recent" menu items. This results in a prompt out of the blue, which is
often worsened by the delay involved (due to connection latencies) in respect
to the action that you're performing.

As an improvement, the agent should collect the PID/program of the requesting
process and show it along with the requested key as an additional cue to the
user.

AFAIK, when a requesting process is using a unix socket, we could use
getpeerid(3) to find the PID of the connected endpoint. Once the PID is
available, reading /proc/ would be an option to find the command line of the
requesting process to collect some more information to display to the user, to
answer the _REAL_ question "why my key is being used and who is requesting
it?". Too bad "why" is still missing.

This method shouldn't require cooperation on the requesting process.

I consider this a bug of "normal" priority for a key agent, not just a
wishlist. My reasoning is that it's currently impossible for a user to
determine which process is requesting permission.

I was previously unsuccessful in getting a usability patch accepted into
pinentry, so I'm trying to get more traction using Debian's BTS.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (900, 'unstable'), (800, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg-agent depends on:
ii  libassuan0                2.1.2-2
ii  libc6                     2.19-13
ii  libgcrypt20               1.6.2-4+b1
ii  libgpg-error0             1.17-3
ii  libnpth0                  1.0-1
ii  libreadline6              6.3-8+b2
ii  pinentry-gtk2 [pinentry]  0.8.3-2

Versions of packages gnupg-agent recommends:
ii  gnupg   1.4.18-6
ii  gnupg2  2.1.1-1

gnupg-agent suggests no packages.
