Home GnuPG
Diffusion GnuPG 78ebc62604d7

w32: Change directory on daemon startup.
Audit Required78ebc62604d7
Actions

Description

w32: Change directory on daemon startup.

* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
  • Signed-off-by: Marcus Brinkmann <mb@g10code.com>
  • GnuPG-bug-id: T2670

Details

Auditors
aheinecke
Provenance
marcusAuthored on Jul 24 2017, 4:31 PM
Parents
rGd8e46f10698d: g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.
Branches
Unknown
Tags
Unknown
Reverted By
rGf2d2648a4deb: Revert "w32: Change directory on daemon startup."
Tasks
T2670: (Win32/64) gpg-agent locks directory of initial signature

Event Timeline

marcus added a task: T2670: (Win32/64) gpg-agent locks directory of initial signature.Jul 24 2017, 4:39 PM
marcus committed rG78ebc62604d7: w32: Change directory on daemon startup. (authored by marcus).Jul 24 2017, 4:31 PM
marcus mentioned this in T2670: (Win32/64) gpg-agent locks directory of initial signature.Jul 24 2017, 4:40 PM
werner added a subscriber: werner.Jul 24 2017, 5:08 PM

I doubt that this is a full solution to the described problem because under Windows "/" is not the root of all files.

/dirmngr/dirmngr.c
1273

Even on Windwos you can use

chdir ("/");

No need to use unportable functions. Note that all Windows Core APIs understand regular forward slashes. Only the shell and certain registry things don't.

werner added an auditor: aheinecke.Jul 24 2017, 5:19 PM

Thinking again about this: The easiest way is to move the existing chdir ("/") out of the ifndef W32 block. That is moving just the #endif.

Or we move to the user's home directory - but that is more work.

Andre: What do you think?

This commit now requires audit.Jul 24 2017, 5:19 PM
marcus added a comment.Jul 24 2017, 5:22 PM

Homedir is an obvious choice, but I don't think make_absfilename adds a drive letter. Another idea is to use GetWindowsDirectory() or GetSystemDirectory. Note that chdir is deprecated by MSFT, hence _chdir.

aheinecke added a subscriber: aheinecke.Jul 24 2017, 8:39 PM

Indeed _chdir("/"); might still be problematic. Because as werner says it would create problems e.g. if you sign a file on a network drive or removable device because the agents homedir would then be the root of the device.

E.g.
e:
chdir \

would keep you on E:\ and lock a removable device.

I think the default would be %HOMEDRIVE%%HOMEPATH% (users homedir) this is what windows sets as execution dir for pinned shortcuts and thats for example the working directory of Kleopatra.

I would avoid that though because we would then need to handle Unicode User names and SetCurrentDirectoryW etc. and don't need a writable working directory.

Maybe something like:

if (_chdir (getenv("HOMEDRIVE")) && _chdir ("/"))
  {
     log_error ("chdir to / failed: %s\n", strerror (errno));
     exit (1);
  }

Untested.

werner added a reverting change: rGf2d2648a4deb: Revert "w32: Change directory on daemon startup.".Jul 25 2017, 1:09 PM
werner mentioned this in rGf2d2648a4deb: Revert "w32: Change directory on daemon startup.".

Changes (3)

PathSize
agent/
dirmngr/
scd/

rG78ebc62604d7

View Options

agent/gpg-agent.c

Loading...
View Options

dirmngr/dirmngr.c

Loading...
View Options

scd/scdaemon.c

Loading...