Debian Bug report logs - #490545
gnupg-agent: should not permit ptrace

version graph

Package: gnupg-agent; Maintainer for gnupg-agent is Eric Dorland <eric@debian.org>; Source for gnupg-agent is src:gnupg2.

Reported by: Russell Coker <russell@coker.com.au>

Date: Sat, 12 Jul 2008 14:24:01 UTC

Severity: normal

Tags: security

Found in version gnupg2/2.0.0-5.2

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#490545; Package gnupg-agent. Full text and rfc822 format available.

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gnupg-agent: should not permit ptrace
Date: Sun, 13 Jul 2008 00:23:03 +1000
Package: gnupg-agent
Version: 2.0.0-5.2
Severity: normal

It is possible to ptrace (strace or gdb) the gpg-agent program.  This means
that if an attacker compromises any process running on behalf of a user (an MUA or a web browser) then they can ptrace gpg-agent and wait for the GPG pass-
phrase to be given to them.

If gpg-agent was setgid then ptrace would not be permitted and security would
be slightly improved.




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#490545; Package gnupg-agent. Full text and rfc822 format available.

Acknowledgement sent to Eric Dorland <eric@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 490545@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: Russell Coker <russell@coker.com.au>, 490545@bugs.debian.org
Subject: Re: Bug#490545: gnupg-agent: should not permit ptrace
Date: Mon, 11 Aug 2008 00:08:47 -0400
[Message part 1 (text/plain, inline)]
tags 490545 security
thanks

* Russell Coker (russell@coker.com.au) wrote:
> Package: gnupg-agent
> Version: 2.0.0-5.2
> Severity: normal
> 
> It is possible to ptrace (strace or gdb) the gpg-agent program.
> This means that if an attacker compromises any process running on
> behalf of a user (an MUA or a web browser) then they can ptrace
> gpg-agent and wait for the GPG pass- phrase to be given to them.
> 
> If gpg-agent was setgid then ptrace would not be permitted and
> security would be slightly improved.

I'm not sure doing this so specifically just for gpg-agent is the
right approach. Something like SELinux or capabilities or something
seems more sensible.

What group would be appropriate to use in any case?

-- 
Eric Dorland <eric@kuroneko.ca>
ICQ: #61138586, Jabber: hooty@jabber.com

[signature.asc (application/pgp-signature, inline)]

Tags added: security Request was from Eric Dorland <eric@debian.org> to controlbugs.debian.org. (Mon, 11 Aug 2008 04:12:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#490545; Package gnupg-agent. Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #17 received at 490545@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Eric Dorland <eric@debian.org>
Cc: 490545@bugs.debian.org
Subject: Re: Bug#490545: gnupg-agent: should not permit ptrace
Date: Mon, 11 Aug 2008 15:11:32 +1000
On Monday 11 August 2008 14:08, Eric Dorland <eric@debian.org> wrote:
> > It is possible to ptrace (strace or gdb) the gpg-agent program.
> > This means that if an attacker compromises any process running on
> > behalf of a user (an MUA or a web browser) then they can ptrace
> > gpg-agent and wait for the GPG pass- phrase to be given to them.
> >
> > If gpg-agent was setgid then ptrace would not be permitted and
> > security would be slightly improved.
>
> I'm not sure doing this so specifically just for gpg-agent is the
> right approach. Something like SELinux or capabilities or something
> seems more sensible.

Capabilities can't do it (AFAIK).  It's ideal if we can provide security 
benefits for people who don't use SE Linux.

> What group would be appropriate to use in any case?

You could create a new gpg-agent group.

Getting advice from upstream would also be a good idea.




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 11:04:33 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.