Bug#566351: libgcrypt11: should not change user id as a side effect
Andreas Metzler
ametzler at downhill.at.eu.org
Sat Jan 23 14:47:25 CET 2010
On 2010-01-23 Ansgar Burchardt <ansgar at 2008.43-1.org> wrote:
> the function lock_pool from src/secmem.c has the side effect of changing
> user ids if real uid != effective uid. This causes strange behaviour in
> other programs:
> A program using libnss-ldap for querying group membership with SSL
> enabled, but without nscd might suddenly change the user id when calling
> getgroups (or initgroups). An example for this is the atd daemon[1].
> Regards,
> Ansgar
> [1] https://bugs.launchpad.net/bugs/509734
Hello,
afaiui this is documented behavior:
| GCRYCTL_INIT_SECMEM; Arguments: int nbytes
| This command is used to allocate a pool of secure memory and thus
| enabling the use of secure memory. It also drops all extra privileges
| the process has (i.e. if it is run as setuid (root)). If the argument
| nbytes is 0, secure memory will be disabled. The minimum amount of
| secure memory allocated is currently 16384 bytes; you may thus use a
| value of 1 to request that default size.
cu andreas
More information about the Gcrypt-devel
mailing list