Gpg is installed with setuid(root) and setgid(root). setuid(0) is necessary for locking pages in memory to avoid swapping, but there is no reason for setgid(0). As a consequence, Gpg creates files with group 'root'. The installation script should strip the setgid bit...
Yikes. You can write to any file with write access for group root like this:

    $ ls -l /tmp/target-file
    -rw-rw-r-- 1 root root 0 2003-06-19 10:19 target-file
    $ echo owned > temp
    $ gpg --symmetric temp
    $ gpg --output target-file --decrypt temp.gpg
    gpg: CAST5 encrypted data
    File `target-file' exists. Overwrite (y/N)? y
    gpg: WARNING: message was not integrity protected
    $ ls -l target-file
    -rw-rw-r-- 1 root root 6 2003-06-19 10:21 target-file
    $ cat target-file
    owned

There are lots of group root writable files on a Gentoo system, GLSA?
Well, I think this needs some attention, even if nobody else does. Here's a link to consider.

http://www.mandrakesecure.net/en/advisories/2001/MDKSA-2001-053-1.php3?dis=8.1

"The /usr/bin/gpg executable was installed setuid root and setgid root. While being setuid root offers locking pages in physical memory to avoid writing sensitive material to swap and is of benefit, being setgid root provides no benefits and allows users to write to files that have group root access. This update strips the setgid bit from /usr/bin/gpg."

Even if for some reason I'm not aware of this isn't considered a problem, conservative use of sgid/suid is always a good thing. Is it really necessary in this case?
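An audit for the exposure described in this report, added here as an example (it is not part of the bug thread or of the fix committed for it): it finds setgid files, lists the group-writable files such a binary could be made to overwrite, and strips only the setgid bit while leaving setuid alone. The function names, the `/etc` default and the argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit for a needlessly setgid binary and its blast radius.

# list_setgid DIR GROUP: regular files under DIR that are setgid to GROUP.
list_setgid() {
    find "$1" -xdev -type f -group "$2" -perm -2000 2>/dev/null
}

# list_group_writable DIR GROUP: regular files under DIR that GROUP may write.
# These are the files a setgid-GROUP program can be made to overwrite.
list_group_writable() {
    find "$1" -xdev -type f -group "$2" -perm -020 2>/dev/null
}

# strip_setgid FILE: clear only the setgid bit. The setuid bit, which the
# report says is needed for locking pages in memory, is left untouched.
strip_setgid() {
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 2; }
    [ -g "$1" ] || return 0          # bit not set, nothing to do
    chmod g-s "$1" || return 1
    [ ! -g "$1" ]                    # confirm the bit is really gone
}

# Stand-alone use: sh audit.sh BINARY [DIR] [GROUP]
if [ "$#" -gt 0 ]; then
    bin=$1; dir=${2:-/etc}; grp=${3:-root}
    if [ -g "$bin" ]; then
        echo "$bin is setgid; files writable by group $grp under $dir:"
        list_group_writable "$dir" "$grp"
        echo "fix: chmod g-s $bin (as the file's owner or root)"
    else
        echo "$bin is not setgid"
    fi
fi
```
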
Fixed in CVS. Thank you, reporter.
Thanks Tavis for caring. This was known a whole month?