+++ This bug was initially created as a clone of Bug #677665 +++
Description of problem:
pinentry-ncurses fails if current tty is owned by different user
as the one running pinentry. This happens for example when users does "su -"
after logging in as normal user. The /dev/pts/XX file is not chown-ed to root
and therefore pinentry-ncurses fails
Version-Release number of selected component (if applicable):
Steps to Reproduce:
# ssh to a box as a normal user
# unset DISPLAY
# su -
# dd if=/dev/urandom of=testpartition bs=1M count=10
# losetup /dev/loop0 testpartition
# cryptsetup luksFormat /dev/loop0
# volume_key --save /dev/loop0 -o packet
volume_key: Error creating `packet': GPGME: Bad passphrase
No error and pinentry asks for password
Patch sent upstream by sochotni
--- Additional comment from firstname.lastname@example.org on 2011-02-15 15:26:46 CET ---
More simple reproducer is this:
1. login as normal user
2. unset DISPLAY # to use curses
3. su -
4. gpg2 --symmetric .bashrc
--- Additional comment from email@example.com on 2011-02-15 15:29:28 CET ---
Created attachment 478883 [details]
Patch fixing the bug
This is patch that was sent upstream. Will be back after I hear back from them
FYI I contacted upstream with the patch and they would prefer to disable capabilities completely since that code path is not needed anymore (we can do memory locking as users already).
I am gonna go ahead and add --without-libcap to compile options of pinentry in rawhide. Hopefully it will not cause other issues
I tested for a while with pinentry when --without-libcap was added and didn't see any issues. Adding to F14 and F15 as well.
pinentry-0.8.1-3.fc15 has been submitted as an update for Fedora 15.
pinentry-0.8.1-3.fc14 has been submitted as an update for Fedora 14.
pinentry-0.8.1-3.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
pinentry-0.8.1-3.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.