pinentry-gnome3 not falling back to pinentry-curses as it should
Closed, DuplicatePublic


Since pinentry-gnome3 uses GCR via D-Bus to request the passphrase, it is not
enough to check that there is a display available (via pinentry_have_display,
just as pinentry-gtk-2 and probably some others do).

A very simple use case is the following: I log via SSH to an account on which I
happen to have a running Gnome session. As I have ForwardX11 in SSH, a display
is available (as per pinentry_have_display) and consequently pinentry-gnome3
requests the passphrase through GCR. But GCR shows the input dialog box in the
Gnome session and not in my SSH session, which is quite problematic.

I think that in the case of pinentry-gnome3, pinentry_have_display, in addition
to determining that either the DISPLAY environment variable is set or a
--display command-line argument has been passed, should also check that this
display is the same on which GCR would open the dialog box. In the case of
other graphical pinentry variants, using just about any display seems
questionable in terms of security anyway, as there is no guaranty that the
channel through which the X11 protocol passes is secured.