493834 – =app-crypt/gnupg-2.0.22: strict owner checks on /dev/pts/X causes failure when su-ing

Bug 493834 - =app-crypt/gnupg-2.0.22: strict owner checks on /dev/pts/X causes failure when su-ing

Summary: =app-crypt/gnupg-2.0.22: strict owner checks on /dev/pts/X causes failure whe...

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Crypto team [DISABLED]

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-12-10 13:12 UTC by Anthony Basile
Modified:	2017-04-22 19:02 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Anthony Basile gentoo-dev

2013-12-10 13:12:00 UTC

There is a new behavior in gnupg-2 which is causing a problem when su-ing root.  It has to do with the owner:group on the controlling tty.  Here's how you can reproduce the problem

1. Start off as an ordinary user.  Note the ownership on the tty:

    blueness@yellow ~ $ whoami
    blueness

    blueness@yellow ~ $ tty
    /dev/pts/10

    blueness@yellow ~ $ ls -al /dev/pts/10
    crw--w---- 1 blueness tty 136, 10 Dec 10 08:06 /dev/pts/10

2. Either su - root or sudo su -  Check that the ownership on the tty haven't changed, then try to use gpg to do anything:

    blueness@yellow ~ $ sudo su -
    yellow ~ # tty
    /dev/pts/10

    yellow ~ # ls -alh /dev/pts/10
    crw--w---- 1 blueness tty 136, 10 Dec 10 08:07 /dev/pts/10

    yellow ~ # cd /tmp/
    yellow tmp # echo "hi there" > in.txt 

    yellow tmp # gpg --output out.gpg --symmetric in.txt
    gpg-agent[16610]: command get_passphrase failed: Operation cancelled
    gpg: cancelled by user
    gpg: error creating passphrase: Operation cancelled
    gpg: symmetric encryption of `in.txt' failed: Operation cancelled

3. Change the ownership on the tty and try again:

    yellow tmp # chown root /dev/pts/10
    yellow tmp # ls -alh /dev/pts/10
    crw--w---- 1 root tty 136, 10 Dec 10  2013 /dev/pts/10

    yellow tmp # gpg --output out.gpg --symmetric in.txt

    <ncurses window asking for passphrase>

It succeeds.

4. Repeate with gnupg-1.4.15 and it works without chown-ing the tty to uid=root.


Okay so I'm not providing a patch because ... do we want this behavior?  Should su/sudo su chown the tty to root?  Not sure here.



Reproducible: Always

Comment 1 Alon Bar-Lev (RETIRED) gentoo-dev

2013-12-13 10:03:17 UTC

(In reply to Anthony Basile from comment #0)
> Okay so I'm not providing a patch because ... do we want this behavior? 
> Should su/sudo su chown the tty to root?  Not sure here.

There are separate roles for upstream and downstream. As this behaviour was not introduced by downstream patch this is not the place to ask this kind of question.

Please move the discussion to upstream[1], I think it may be related to [2].

Whatever upstream decides will be committed and available in future version, if you find a commit that solves the issue we can consider applying it before the version with the fix is released at upstream.

Thanks,

[1] https://bugs.g10code.com/
[2] https://bugs.gnupg.org/gnupg/issue1391

Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-04-22 19:02:19 UTC

This is expected behavior from upstream, nothing to do for Gentoo