Bug 73734 - gnupg relaxes permissions when updating pubring.gpg
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: gnupg
Version: 8.0
Hardware: i386 Linux
Priority: medium
Severity: medium
Assignee: Nalin Dahyabhai
QA Contact: Mike McLean
Reported: 2002-09-09 18:43 UTC by Ed Halley
Modified: 2007-04-18 16:46 UTC (History)

Fixed In Version: 1.2.0
Doc Type: Bug Fix
Last Closed: 2004-03-09 03:33:01 UTC

Description Ed Halley 2002-09-09 18:43:22 UTC
Description of Problem:

  If the pubring.gpg file is world-readable upon gpg startup, then gpg
  complains with:

    gpg: Warning: unsafe permissions on file "/home/speare/.gnupg/pubring.gpg"

  After (chmod go-rwx ~/.gnupg/pubring.gpg), there is no such warning.

  However, if gpg updates the pubring for any reason, such as adding or
  signing a new public key to the keyring, then the old "secure" copy is
  renamed to pubring.gpg~ and a new copy is made with the changes.

  The NEW file conforms to umask, not to the same file permissions as the
  OLD file.  With the Linux default of umask (u=rwx,g=rwx,o=rx), this
  guarantees that the next invocation of gpg will again complain:

    gpg: Warning: unsafe permissions on file "/home/speare/.gnupg/pubring.gpg"

Steps to Reproduce:
1. Protect your gnupg files with (chmod go-rwx ~/.gnupg/*).
2. Use gpg to update your keyring in any way (--recv-keys, --sign-key, etc.).
3. Use gpg in any way and notice the warning about unsafe permissions.

Actual Results:
  gpg's pubring.gpg is not updated with the same permissions as originals

Expected Results:
  gpg's pubring.gpg should be updated with the same permissions as originals

Comment 1 David Shaw 2003-03-15 02:35:24 UTC
FYI, this was fixed in GnuPG 1.2.0.  The current GnuPG is 1.2.1.
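
The rename-and-rewrite update described in this report, as an added C example that is not GnuPG's code and not part of the original bug thread: the same replacement is done once with the mode left to umask and once with the old file's mode copied onto the new file. The names `replace_file` and `demo`, the temporary path, and the 0666 creation request in the umask-following branch are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace `path` as the report describes: old copy renamed to "<path>~", new
 * copy written. preserve == 0 requests 0666 and lets umask decide (assumed);
 * preserve == 1 copies the old mode. Returns the new mode bits, -1 on error. */
int replace_file(const char *path, const char *data, int preserve)
{
    struct stat old, now;
    char backup[4096];
    size_t n = strlen(data);
    if (stat(path, &old) != 0) return -1;
    if (snprintf(backup, sizeof backup, "%s~", path) >= (int)sizeof backup) return -1;
    if (rename(path, backup) != 0) return -1;
    /* Hardened path: create owner-only, then fchmod() to the old mode.
     * fchmod() is not filtered by umask. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, preserve ? 0600 : 0666);
    if (fd < 0) return -1;
    if (preserve && fchmod(fd, old.st_mode & 0777) != 0) { close(fd); return -1; }
    if (write(fd, data, n) != (ssize_t)n) { close(fd); return -1; }
    if (close(fd) != 0 || stat(path, &now) != 0) return -1;
    return (int)(now.st_mode & 0777);
}

/* Constructed scenario: a 0600 "pubring.gpg" in a fresh temp directory,
 * umask 002 (the u=rwx,g=rwx,o=rx value quoted in the report). */
int demo(int preserve)
{
    char dir[] = "/tmp/pubring-demo-XXXXXX", path[64], backup[72];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/pubring.gpg", dir);
    snprintf(backup, sizeof backup, "%s~", path);
    umask(002);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || close(fd) != 0) return -1;
    int mode = replace_file(path, "constructed keyring bytes\n", preserve);
    unlink(path); unlink(backup); rmdir(dir);   /* remove the demo files */
    return mode;
}

int main(void)
{
    printf("umask-following %04o, mode-preserving %04o\n", (unsigned)demo(0), (unsigned)demo(1));
    return 0;
}
```

With umask 002 the umask-following branch leaves the new file group-writable and world-readable, which is the state that triggers the warning on the next run; the mode-preserving branch keeps it at the original 0600.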

