Bug 677670

Summary: pinentry-ncurses fails if current tty is owned by different user as the one running pinentry
Product: [Fedora] Fedora
Reporter: Stanislav Ochotnicky <sochotni>
Component: pinentry
Assignee: Stanislav Ochotnicky <sochotni>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 14
CC: axel.thimm, mvadkert, rdieter, sochotni
Hardware: All
OS: Linux
Fixed In Version: pinentry-0.8.1-3.fc15
Doc Type: Bug Fix
Clone Of: 677665
Last Closed: 2011-03-28 19:28:52 UTC
Bug Blocks: 677665

Description Stanislav Ochotnicky 2011-02-15 14:30:49 UTC
+++ This bug was initially created as a clone of Bug #677665 +++

Description of problem:
pinentry-ncurses fails if the current tty is owned by a different user
than the one running pinentry. This happens, for example, when a user does "su -"
after logging in as a normal user. The /dev/pts/XX file is not chown-ed to root
and therefore pinentry-ncurses fails.

Version-Release number of selected component (if applicable):
pinentry-0.7.6-5.el6

How reproducible:
100%

Steps to Reproduce:
# ssh to a box as a normal user
# unset DISPLAY
# su -
# dd if=/dev/urandom of=testpartition bs=1M count=10
# losetup /dev/loop0 testpartition
# cryptsetup luksFormat /dev/loop0
(enter password)
# volume_key --save /dev/loop0 -o packet
  
Actual results:
volume_key: Error creating `packet': GPGME: Bad passphrase

Expected results:
No error and pinentry asks for password

Additional info:
Patch sent upstream by sochotni

--- Additional comment from sochotni on 2011-02-15 15:26:46 CET ---

A simpler reproducer is this:
1. log in as a normal user
2. unset DISPLAY # to use curses
3. su -
4. gpg2 --symmetric .bashrc

--- Additional comment from sochotni on 2011-02-15 15:29:28 CET ---

Created attachment 478883
Patch fixing the bug

This is the patch that was sent upstream. Will be back after I hear back from them.
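
Added diagnostic for the condition in the description above (not part of the bug report, the attached patch, or pinentry): it checks whether the tty's owner, group and mode bits alone give the current user read/write access, which is what stops holding after "su -". It assumes GNU stat, and it assumes the failure comes from those permission bits being applied to pinentry, which the report implies but does not spell out; the function name dac_rw is made up for this example.

```shell
#!/bin/sh
# Added diagnostic (not from the bug report or from pinentry).
# dac_rw PATH UID "GID ..." succeeds when the plain owner/group/other mode
# bits of PATH give UID (with the listed groups) both read and write access,
# i.e. without counting on root's ability to bypass file permissions.
dac_rw() {
    path=$1 uid=$2 gids=$3
    info=$(stat -c '%u %g %a' "$path") || return 2   # GNU stat: uid gid mode
    set -- $info
    owner=$1 group=$2
    perm=$(( 0$3 & 0777 ))            # %a is octal; drop setuid/setgid/sticky
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (perm >> 6) & 7 ))   # owner class
    else
        bits=$(( perm & 7 ))          # other class unless a group matches
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                bits=$(( (perm >> 3) & 7 ))
                break
            fi
        done
    fi
    [ $(( bits & 6 )) -eq 6 ]
}

# Check the terminal this shell is attached to, for the current user.
# After "su -" the pty usually still belongs to the login user, so this
# reports a mismatch for root (assumption: typical /dev/pts mode of 620).
if t=$(tty 2>/dev/null) && [ -c "$t" ]; then
    if dac_rw "$t" "$(id -u)" "$(id -G)"; then
        echo "$t: mode bits allow uid $(id -u) to read and write"
    else
        echo "$t: owned by uid $(stat -c %u "$t"), not read/write for uid $(id -u) by mode bits alone"
    fi
fi
```

Run it in the same shell where gpg2 or volume_key fails; a mismatch line means the terminal is in the state this bug describes.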

Comment 1 Stanislav Ochotnicky 2011-02-18 10:30:38 UTC
FYI I contacted upstream with the patch and they would prefer to disable capabilities completely since that code path is not needed anymore (we can do memory locking as users already).

I am gonna go ahead and add --without-libcap to the compile options of pinentry in rawhide. Hopefully it will not cause other issues.

Comment 2 Stanislav Ochotnicky 2011-03-08 10:24:03 UTC
I tested for a while with pinentry when --without-libcap was added and didn't see any issues. Adding to F14 and F15 as well.

Comment 3 Fedora Update System 2011-03-08 12:23:43 UTC
pinentry-0.8.1-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/pinentry-0.8.1-3.fc15

Comment 4 Fedora Update System 2011-03-08 12:23:50 UTC
pinentry-0.8.1-3.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/pinentry-0.8.1-3.fc14

Comment 5 Fedora Update System 2011-03-28 19:28:48 UTC
pinentry-0.8.1-3.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2011-03-29 03:55:12 UTC
pinentry-0.8.1-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.