Bug 677670 - pinentry-ncurses fails if current tty is owned by different user as the one running pinentry
Summary: pinentry-ncurses fails if current tty is owned by different user as the one r...
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pinentry
Version: 14
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Stanislav Ochotnicky
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 677665
TreeView+ depends on / blocked
 
Reported: 2011-02-15 14:30 UTC by Stanislav Ochotnicky
Modified: 2011-03-29 03:55 UTC (History)
4 users (show)

(edit)
Clone Of: 677665
(edit)
Last Closed: 2011-03-28 19:28:52 UTC


Attachments (Terms of Use)

Description Stanislav Ochotnicky 2011-02-15 14:30:49 UTC
+++ This bug was initially created as a clone of Bug #677665 +++

Description of problem:
pinentry-ncurses fails if current tty is owned by different user
as the one running pinentry. This happens for example when users does "su -"
after logging in as normal user. The /dev/pts/XX file is not chown-ed to root
and therefore pinentry-ncurses fails

Version-Release number of selected component (if applicable):
pinentry-0.7.6-5.el6

How reproducible:
100%

Steps to Reproduce:
# ssh to a box as a normal user
# unset DISPLAY
# su -
# dd if=/dev/urandom of=testpartition bs=1M count=10
# losetup /dev/loop0 testpartition
# cryptsetup luksFormat /dev/loop0
(enter password)
# volume_key --save /dev/loop0 -o packet
  
Actual results:
volume_key: Error creating `packet': GPGME: Bad passphrase

Expected results:
No error and pinentry asks for password

Additional info:
Patch sent upstream by sochotni

--- Additional comment from sochotni@redhat.com on 2011-02-15 15:26:46 CET ---

More simple reproducer is this:
1. login as normal user
2. unset DISPLAY # to use curses 
3. su -
4. gpg2 --symmetric .bashrc

--- Additional comment from sochotni@redhat.com on 2011-02-15 15:29:28 CET ---

Created attachment 478883 [details]
Patch fixing the bug

This is patch that was sent upstream. Will be back after I hear back from them

Comment 1 Stanislav Ochotnicky 2011-02-18 10:30:38 UTC
FYI I contacted upstream with the patch and they would prefer to disable capabilities completely since that code path is not needed anymore (we can do memory locking as users already). 

I am gonna go ahead and add --without-libcap to compile options of pinentry in rawhide. Hopefully it will not cause other issues

Comment 2 Stanislav Ochotnicky 2011-03-08 10:24:03 UTC
I tested for a while with pinentry when --without-libcap was added and didn't see any issues. Adding to F14 and F15 as well.

Comment 3 Fedora Update System 2011-03-08 12:23:43 UTC
pinentry-0.8.1-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/pinentry-0.8.1-3.fc15

Comment 4 Fedora Update System 2011-03-08 12:23:50 UTC
pinentry-0.8.1-3.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/pinentry-0.8.1-3.fc14

Comment 5 Fedora Update System 2011-03-28 19:28:48 UTC
pinentry-0.8.1-3.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2011-03-29 03:55:12 UTC
pinentry-0.8.1-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.