[pkg-gnupg-maint] Bug#835620: gnupg: setuid to non-root: Ohhhh jeeee: ... this is a bug (../../g10/gpg.c:2010:main)

Valentin Lorentz progval at progval.net
Sat Aug 27 17:01:35 UTC 2016


Package: gnupg
Version: 1.4.20-6

Dear maintainer,

Running gnupg from a process with setuid to a user different than root
triggers a bug.

Here is how to reproduce it:

val@particle:/tmp $ cat foo.c
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char* argv[]) {
    /* Print the real and effective UIDs; they differ when run setuid. */
    printf("%u %u\n", getuid(), geteuid());
    /* Invoke gpg through the shell with those mismatched credentials. */
    system("gpg --help");
    return 0;
}
val@particle:/tmp $ sudo gcc foo.c && sudo chown dev-misc:dev-misc a.out && sudo chmod u+s a.out
val@particle:/tmp $ LANG=C ./a.out
1000 1006

gpg: Ohhhh jeeee: ... this is a bug (../../g10/gpg.c:2010:main)
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/65536
Aborted


Best regards,
Valentin


