
Encrypting File as a different user
Closed, Resolved (Public)

Description

Environment: Solaris 10

Command Executed:
weber@newServer> /usr/local/encrypt_file/encrypt_file.ksh /someLocation/test.out

Output:
gpg: Ohhhh jeeee: ... this is a bug (gpg.c:1917:main)
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
/usr/bin/ksh[55]: 758 Abort

Notes:
When I run this as user pgp, the file gets encrypted correctly. But I get the above
output when I run it as user weber.

File/Directory Permissions:

-rwsr-xr-x 1 pgp web 1854 Jul 8 10:56 /usr/local/encrypt_file/encrypt_file.ksh*

drwxrwsr-x 2 weber web 3 Jul 7 16:44 /someLocation/
-rw-rw-r-- 1 weber web 12 Jul 2 10:29 /someLocation/test.out

encrypt_file.ksh Source:

#!/usr/bin/ksh

# Check that input argument has been supplied.

if [ $# -lt 1 ]; then
    return 99
fi

RETURN_CODE=0
FILE_NAME=$1

# Set env variables used by PGP.

export PGPPATH=/usr/local/pgp/.pgp
export PGPPASS=`cat /usr/local/pgp/.pgp/passwordFile`

export GPG_COMMAND=/usr/local/bin/gpg

# Execute PGP

$GPG_COMMAND --homedir $PGPPATH --keyring ${PGPPATH}/pubring.prod \
--always-trust --encrypt-to John -u John --passphrase $PGPPASS \
-r 0x11A1DB11 -se $FILE_NAME

exit $RETURN_CODE

Details

Version
1.4.7

Event Timeline

wilco_0 added projects: gnupg, Bug Report.
wilco_0 added a subscriber: wilco_0.

Are you running this as root (i.e. using sudo)? There is a known problem due to
this test:

/* There should be no way to get to this spot while still carrying
   setuid privs.  Just in case, bomb out if we are. */
if(getuid()!=geteuid())
  BUG();

If you really want to run it with effective uid of 0 you may change the test to

if (getuid () && getuid () != geteuid ())
  BUG ();

However, this has to be done at several places (grep for geteuid).

I am running the ksh as weber (not root nor using sudo). I added the 'id'
command in the source code. This is what I get back:

uid=4966(weber) gid=1137(web) euid=1047(pgp)

The uid != euid and the euid != 0.

Would the below solution still work?

See the previous comments. This is not a bug.

werner claimed this task.
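Added example, not part of the original thread or of GnuPG's source: the two tests quoted above, rewritten as functions that take the real and effective uid as arguments so they can be evaluated for any id pair. The function names and the sample table are assumptions; the ids 4966 and 1047 are taken from the `id` output in the thread, and the remaining rows are constructed.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Original test quoted in the thread: reaches BUG() whenever the
   real and effective uid differ. */
static int strict_trips(uid_t ruid, uid_t euid)
{
    return ruid != euid;
}

/* Relaxed test quoted in the thread: the comparison is skipped only
   when the real uid is 0; every other mismatch still reaches BUG(). */
static int relaxed_trips(uid_t ruid, uid_t euid)
{
    return ruid && ruid != euid;
}

/* One row per id state worth checking (labels are hypothetical). */
struct id_case { const char *label; uid_t ruid, euid; };

static const struct id_case cases[] = {
    { "ordinary user, no setuid",             4966, 4966 },
    { "id output from the thread (weber/pgp)", 4966, 1047 },
    { "root, no setuid (constructed)",           0,    0 },
    { "real uid 0, other euid (constructed)",    0, 1047 },
    { "setuid-root run by a user (constructed)", 4966,  0 },
};

int main(void)
{
    size_t i;

    printf("%-42s %6s %6s  strict relaxed\n", "case", "ruid", "euid");
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-42s %6lu %6lu  %-6s %s\n", cases[i].label,
               (unsigned long)cases[i].ruid, (unsigned long)cases[i].euid,
               strict_trips(cases[i].ruid, cases[i].euid) ? "BUG" : "ok",
               relaxed_trips(cases[i].ruid, cases[i].euid) ? "BUG" : "ok");

    /* The same two tests applied to the ids of this process. */
    printf("this process: strict=%d relaxed=%d\n",
           strict_trips(getuid(), geteuid()),
           relaxed_trips(getuid(), geteuid()));
    return 0;
}
```

For the id pair reported in the thread (uid 4966, euid 1047) both tests reach BUG(), because the relaxed form only skips the comparison when the real uid is 0.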