Bug 73734 - gnupg relaxes permissions when updating pubring.gpg
gnupg relaxes permissions when updating pubring.gpg
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: gnupg (Show other bugs)
8.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Mike McLean
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-09-09 14:43 EDT by Ed Halley
Modified: 2007-04-18 12:46 EDT (History)
1 user (show)

See Also:
Fixed In Version: 1.2.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-03-08 22:33:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ed Halley 2002-09-09 14:43:22 EDT
Description of Problem:

  If the pubring.gpg file is world-readable upon gpg startup, then gpg
  complains with:

    gpg: Warning: unsafe permissions on file "/home/speare/.gnupg/pubring.gpg"

  After (chmod go-rwx ~/.gnupg/pubring.gpg), there is no such warning.

  However, if gpg updates the pubring for any reason, such as adding or
  signing a new public key to the keyring, then the old "secure" copy is
  renamed to pubring.gpg~ and a new copy is made with the changes.

  The NEW file conforms to umask, not to the same file permissions as the
  OLD file.  With the Linux default of umask (u=rwx,g=rwx,o=rx), this
  guarantees that the next invocation of gpg will again complain:

    gpg: Warning: unsafe permissions on file "/home/speare/.gnupg/pubring.gpg"

Steps to Reproduce:
1. Protect your gnupg files with (chmod go-rwx ~/.gnupg/*).
2. Use gpg to update your keyring in any way (--recv-keys, --sign-key, etc.).
3. Use gpg in any way and notice the warning about unsafe permissions.

Actual Results:
  gpg's pubring.gpg is not updated with the same permissions as originals

Expected Results:
  gpg's pubring.gpg should be updated with the same permissions as originals
Comment 1 David Shaw 2003-03-14 21:35:24 EST
FYI, this was fixed in GnuPG 1.2.0.  The current GnuPG is 1.2.1.

Note You need to log in before you can comment on or make changes to this bug.