[Bug 1163361] [NEW] sudo breaks keyring access for normal user

ctrl 1163361 at bugs.launchpad.net
Tue Apr 2 14:59:20 UTC 2013


Public bug reported:

Version: gpg (GnuPG) 1.4.12 on up-to-date raring

If you delete a public key using sudo (by mistake), you get a security
warning about pubring file owner. If you go ahead, the pubring file in
your home is then owned by root:root and you have no access to it anymore
unless you change owner by hand.

How to reproduce:

gpg --recv <somekey>
sudo gpg --delete-key <somekey>
gpg --recv <somekey>

you get

gpg: impossibile aprire "/home/dario/.gnupg/pubring.gpg"
gpg: keydb_get_keyblock failed: eof
gpg: non è stato trovato un portachiavi scrivibile: eof
gpg: errore nel leggere "[stream]": errore generale

that is something like

gpg: unable to open "/home/dario/.gnupg/pubring.gpg"
gpg: keydb_get_keyblock failed: eof
gpg: no writable keyring found: eof
gpg: error reading "[stream]": generic error

That's clearly fixed by a simple chown, anyway. This is probably because
the pubring is entirely rewritten with root privileges, but I'm not sure
it's the correct behavior.

** Affects: gnupg (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: gnupg gpg key keyring permissions root sudo

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1163361
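
Added example (not part of the original bug report and not GnuPG code): a shell check for the state the report describes, entries under the GnuPG home directory that are no longer owned by the user. The function names are made up for this example, and it assumes the keyring lives in ~/.gnupg as in the report.

```shell
#!/bin/sh
# Hypothetical helpers written for this example; not shipped with GnuPG.

# Print every entry under a GnuPG home directory that is NOT owned by the
# expected user. Arguments: directory (default ~/.gnupg) and user name or
# numeric uid (default: the invoking user's uid).
gnupg_foreign_owned() {
    dir=${1:-"$HOME/.gnupg"}
    owner=${2:-$(id -u)}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    find "$dir" ! -user "$owner" -print
}

# Return 0 when everything belongs to the expected user, 1 when at least
# one entry does not (each is listed with numeric owner and mode on stderr),
# 2 when the directory cannot be examined.
gnupg_check_owner() {
    dir=${1:-"$HOME/.gnupg"}
    owner=${2:-$(id -u)}
    bad=$(gnupg_foreign_owned "$dir" "$owner") || return 2
    [ -z "$bad" ] && return 0
    echo "entries under $dir not owned by $owner:" >&2
    printf '%s\n' "$bad" | while IFS= read -r f; do
        ls -ldn "$f" >&2
    done
    return 1
}
```

Run as the normal user after a mistaken "sudo gpg ..." invocation, gnupg_check_owner returns 1 and lists pubring.gpg as owned by uid 0, which is the file to change the owner of by hand.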
