[Pkg-gnupg-maint] Bug#485458: gnupg: crashes with "Ohhhh jeeeee: ... this is a bug"

Alexandre Fayolle afayolle at debian.org
Mon Jun 9 16:45:44 UTC 2008 

Package: gnupg
Version: 1.4.9-2
Severity: normal

Hi,

I have an program at work which is used to automate some tasks related
to debian package management (automating some checks and uploading
packages to a local repository). To avoid permission issues, the
executable is setuid to a user which is the owner of the repositories :

alf at crater:~$ ls -l /usr/bin/ldi
-rwsr-sr-x 1 debinstall debinstall 4448 fév  6 11:02 /usr/bin/ldi

It worked fine until recently, when the signature checks ran by the
programm started failing with a very weird error message:

gpg: Ohhhh jeeee: ... this is a bug (../../g10/gpg.c:2052:main)
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

This thread
(http://lists.gnupg.org/pipermail/gnupg-users/2006-August/029097.html)
suggests that the setuid bit is reponsible for the crash. However the
program has been working correctly since february (the machine is
running unstable but is not upgraded very often). 

I think the change introduced in 1.4.6-2.2 broke this behaviour (Do not install
gpg setuid root, this is not necessary anymore since  Linux kernel
2.6.9. (Closes: #356550, #346597, #453122)) ? If I chmod u+s
/usr/bin/gpg, my ldi command works fine again. 



-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnupg depends on:
ii  gpgv                   1.4.9-1           GNU privacy guard - signature veri
ii  libbz2-1.0             1.0.5-0.1         high-quality block-sorting file co
ii  libc6                  2.7-12            GNU C Library: Shared libraries
ii  libreadline5           5.2-3             GNU readline and history libraries
ii  libusb-0.1-4           2:0.1.12-11       userspace USB programming library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages gnupg recommends:
ii  libldap-2.4-2                 2.4.9-1    OpenLDAP libraries

-- no debconf information

More information about the Pkg-gnupg-maint mailing list