
pinentry-curses does not work when caller does not own the tty (for example, when su'ed)
Closed, Resolved, Public

Description

When the caller of pinentry-curses does not own its tty (such as when su'ed
to root in a terminal), pinentry-curses does not prompt for a passphrase.

A truss of the pinentry-curses process reveals:

...
21524 capget(0x20080522, 0, NULL) = 0
21524 capset(0x20080522, 0, {CAP_IPC_LOCK, CAP_IPC_LOCK, 0}) = 0
21524 mlock(0xb7826000, 65536) = 0
21524 capget(0x20080522, 0, NULL) = 0
21524 capset(0x20080522, 0, {0, CAP_IPC_LOCK, 0}) = 0
21524 getuid32() = 0
21524 geteuid32() = 0
21524 getuid32() = 0
21524 geteuid32() = 0
...
21524 open("/dev/pts/0", O_RDONLY) = -1 EACCES (Permission denied)
...

I.e., root does not have permission to open /dev/pts/0
because the capabilities(7) calls around the call to mlock()
drop all capabilities except CAP_IPC_LOCK. In particular,
the CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH and CAP_FOWNER
capabilities are dropped by the calls in lock_pool().

Suggested work-around: Recompile without USE_CAPABILITIES.

Details

Version
0.8.1

Event Timeline

Try starting pinentry with these options (ASSUAN commands), where $TTY and $LANG
are correctly set in the current environment:

OPTION ttyname=$TTY
OPTION lc-ctype=$LANG

werner lowered the priority of this task from High to Normal. (Jan 11 2013, 2:59 PM)
werner lowered the priority of this task from Normal to Low. (May 11 2015, 12:26 PM)

I'm having trouble reproducing this issue. When I su, root doesn't suddenly own
the terminal:

  $ su -
  Password: 
  # ls -l $(tty)
  crw------- 1 neal tty 136, 4 May 16 22:52 /dev/pts/4
  #

Can you provide a minimal example that illustrates the problem? Thanks. I
realize this issue is very old.

werner claimed this task.
werner added a project: Too Old.