On Monday, 09.06.2008 at 18:45 +0200, Alexandre Fayolle wrote:
> I have a program at work which is used to automate some tasks related
> to Debian package management (automating some checks and uploading
> packages to a local repository). To avoid permission issues, the
> executable is setuid to a user which is the owner of the repositories:
>
> [EMAIL PROTECTED]:~$ ls -l /usr/bin/ldi
> -rwsr-sr-x 1 debinstall debinstall 4448 fév 6 11:02 /usr/bin/ldi
>
> It worked fine until recently, when the signature checks run by the
> program started failing with a very weird error message:
>
> gpg: Ohhhh jeeee: ... this is a bug (../../g10/gpg.c:2052:main)
> secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
>
> This thread
> (http://lists.gnupg.org/pipermail/gnupg-users/2006-August/029097.html)
> suggests that the setuid bit is responsible for the crash. However the
> program has been working correctly since February (the machine is
> running unstable but is not upgraded very often).
>
> I think the change introduced in 1.4.6-2.2 broke this behaviour (Do not
> install gpg setuid root, this is not necessary anymore since Linux kernel
> 2.6.9. (Closes: #356550, #346597, #453122)) ? If I chmod u+s
> /usr/bin/gpg, my ldi command works fine again.

You can overwrite the package permissions via dpkg-statoverride to get
the setuid bit and you just need to do this once.

I don't know your program so I don't know if running gnupg with the
setuid bit is the only choice you have, but normally I would doubt that.
However, dpkg-statoverride IMO is the correct choice here and not
reverting the change. Other opinions?

Regards,
Daniel
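
An added example, not part of the original messages: the one-time dpkg-statoverride registration mentioned in the reply, shown as a comment, followed by a small audit function that flags setuid/setgid entries in `dpkg-statoverride --list` output. The owner, group and mode for /usr/bin/gpg are assumed to match the `chmod u+s` in the quoted message; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# One-time registration, run as root (real dpkg-statoverride syntax; owner,
# group and mode are assumed to match the "chmod u+s /usr/bin/gpg" above):
#   dpkg-statoverride --update --add root root 4755 /usr/bin/gpg

# Constructed sample in the "owner group mode path" format printed by
# `dpkg-statoverride --list`; only /usr/bin/gpg comes from the thread.
sample_overrides() {
    cat <<'EOF'
root root 4755 /usr/bin/gpg
root crontab 2755 /usr/bin/crontab
root root 0755 /usr/local/bin/example-tool
EOF
}

# Print every override on stdin whose mode carries setuid (4000) or
# setgid (2000), so these persistent privilege grants can be reviewed.
list_privileged_overrides() {
    while read -r owner group mode path; do
        case "$mode" in
            ''|*[!0-7]*) continue ;;    # skip blank or malformed lines
        esac
        bits=$(( 0$mode & 06000 ))      # leading 0 forces octal parsing
        if [ "$bits" -eq 0 ]; then continue; fi
        kind=""
        if [ $(( bits & 04000 )) -ne 0 ]; then kind="setuid"; fi
        if [ $(( bits & 02000 )) -ne 0 ]; then kind="${kind:+$kind+}setgid"; fi
        printf '%s %s:%s %s %s\n' "$kind" "$owner" "$group" "$mode" "$path"
    done
}

# Demo on the constructed sample; on a live system use:
#   dpkg-statoverride --list | list_privileged_overrides
sample_overrides | list_privileged_overrides
```

An override registered this way survives package upgrades, which is why a periodic review of the flagged entries is worthwhile.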

