outbound file descriptors (status-fd, attribute-fd, logger-fd) should fail if descriptors is not initially open
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	dkg
	Feb 5 2017, 9:17 PM

Description

Consider a situation where the user passes "--status-fd 3" but file descriptor 3
is not open.

During the course of executing the rest of the commands, it's possible that gpg
itself will open some files, and file descriptor 3 will get allocated.

In this situation, the status information will be appended directly to whatever
file happens to have landed on fd 3 (the trustdb? the keyring?).

This is a potential data destruction issue for all writable file descriptor options:

   --status-fd
   --attribute-fd
   --logger-fd

It's also a potential issue for readable file descriptor options, but the risk
is merely weird behavior, and not data corruption:

   --override-session-key-fd
   --passphrase-fd
   --command-fd

Arguably, this is user error (to assign a file descriptor that hasn't already
explicitly been set up), so it's not a very friendly error mode, and gnupg
should include as few footguns as possible.

Details

Version: 2.1.18

Related Objects

Mentioned Here: rG6823ed46584e: gpg,common: Make sure that all fd given are valid.

Event Timeline

dkg set Version to 2.1.18.Feb 5 2017, 9:17 PM

dkg added projects: gnupg, Bug Report.

dkg added a subscriber: dkg.

justus claimed this task.Feb 8 2017, 12:23 PM

justus added a subscriber: justus.

Fixed in 6823ed46584e753de3aba48a00ab738ab009a860.

justus closed this task as Resolved.Feb 8 2017, 2:47 PM

outbound file descriptors (status-fd, attribute-fd, logger-fd) should fail if descriptors is not initially openClosed, ResolvedPublicActions

Description

Details

Related Objects

Event Timeline

outbound file descriptors (status-fd, attribute-fd, logger-fd) should fail if descriptors is not initially open
Closed, ResolvedPublic
Actions