Bug 677670 - pinentry-ncurses fails if current tty is owned by different user as the one running pinentry
pinentry-ncurses fails if current tty is owned by different user as the one r...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: pinentry (Show other bugs)
14
All Linux
medium Severity medium
: ---
: ---
Assigned To: Stanislav Ochotnicky
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 677665
  Show dependency treegraph
 
Reported: 2011-02-15 09:30 EST by Stanislav Ochotnicky
Modified: 2011-03-28 23:55 EDT (History)
4 users (show)

See Also:
Fixed In Version: pinentry-0.8.1-3.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 677665
Environment:
Last Closed: 2011-03-28 15:28:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Stanislav Ochotnicky 2011-02-15 09:30:49 EST
+++ This bug was initially created as a clone of Bug #677665 +++

Description of problem:
pinentry-ncurses fails if current tty is owned by different user
as the one running pinentry. This happens for example when users does "su -"
after logging in as normal user. The /dev/pts/XX file is not chown-ed to root
and therefore pinentry-ncurses fails

Version-Release number of selected component (if applicable):
pinentry-0.7.6-5.el6

How reproducible:
100%

Steps to Reproduce:
# ssh to a box as a normal user
# unset DISPLAY
# su -
# dd if=/dev/urandom of=testpartition bs=1M count=10
# losetup /dev/loop0 testpartition
# cryptsetup luksFormat /dev/loop0
(enter password)
# volume_key --save /dev/loop0 -o packet
  
Actual results:
volume_key: Error creating `packet': GPGME: Bad passphrase

Expected results:
No error and pinentry asks for password

Additional info:
Patch sent upstream by sochotni

--- Additional comment from sochotni@redhat.com on 2011-02-15 15:26:46 CET ---

More simple reproducer is this:
1. login as normal user
2. unset DISPLAY # to use curses 
3. su -
4. gpg2 --symmetric .bashrc

--- Additional comment from sochotni@redhat.com on 2011-02-15 15:29:28 CET ---

Created attachment 478883 [details]
Patch fixing the bug

This is patch that was sent upstream. Will be back after I hear back from them
Comment 1 Stanislav Ochotnicky 2011-02-18 05:30:38 EST
FYI I contacted upstream with the patch and they would prefer to disable capabilities completely since that code path is not needed anymore (we can do memory locking as users already). 

I am gonna go ahead and add --without-libcap to compile options of pinentry in rawhide. Hopefully it will not cause other issues
Comment 2 Stanislav Ochotnicky 2011-03-08 05:24:03 EST
I tested for a while with pinentry when --without-libcap was added and didn't see any issues. Adding to F14 and F15 as well.
Comment 3 Fedora Update System 2011-03-08 07:23:43 EST
pinentry-0.8.1-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/pinentry-0.8.1-3.fc15
Comment 4 Fedora Update System 2011-03-08 07:23:50 EST
pinentry-0.8.1-3.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/pinentry-0.8.1-3.fc14
Comment 5 Fedora Update System 2011-03-28 15:28:48 EDT
pinentry-0.8.1-3.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2011-03-28 23:55:12 EDT
pinentry-0.8.1-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.