
Bug#842877: apt: does not set HOME before invoking gnupg



severity 842877 minor
retitle 842877 apt: should sanitize environment more thoroughly
kthxbye

On Wed, Nov 02, 2016 at 02:38:20AM +0100, David Kalnischkies wrote:
> On Tue, Nov 01, 2016 at 11:49:39PM +0000, brian m. carlson wrote:
> > 1. Add a new mirror to /etc/apt/sources.list.
> 
> Can you go into more detail what you do in this step please?
> Are you installing -keyring packages perhaps?

No, simply adding a new Debian mirror is sufficient.  In fact, that's
not even required.  All that's required is to make apt validate a GnuPG
signature, so this will happen at least once a day anyway.

It doesn't occur if apt doesn't validate a signature.

> > 2. Set "extra-socket ~/.gnupg/S.gpg-agent-extra" in your user's
> >    ~/.gnupg/gpg-agent.conf
> > 3. As an unprivileged user in the sudo group, run "sudo -E apt-get update".
> > 4. Notice that there is now a root-owned gpg-agent running which has
> >    inherited your user's homedir and configuration settings.
> > 5. Notice that your extra socket has been overwritten by root's gpg-agent.
> 
> apt-key as called by apt doesn't use gnupg. The functionality apt is
> using from apt-key is gpgv only and that isn't spawning agents or
> whatever as there is no secret key material to protect.
> 
> So, figuring out what is calling gpg would be good – or what is calling
> apt-key [which likely shouldn't be called it].

Ah, I think the problem could be that you end up invoking $SHELL (for
me, zsh) somewhere (directly or indirectly), and therefore triggering my
shell to spawn a new gpg-agent, since it reads from my home directory.

I can work around this issue, but I would say you probably don't want
either my $HOME or my $SHELL for subprocesses.  In fact, you probably
want to sanitize the environment for subprocesses more thoroughly
altogether to avoid this problem.  I know apt has broken in the past
because it inherited a root-only $TMPDIR.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204
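
Added example, not part of the original mail and not apt's code: one way a privileged parent can build an allowlisted environment for its subprocesses, so that the invoking user's $HOME, $SHELL and $TMPDIR (as passed through by "sudo -E") never reach them. The allowlist, the fixed PATH, the fallback values and the sample paths are assumptions made for illustration.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <pwd.h>
#include <unistd.h>

using Env = std::map<std::string, std::string>;

// Account data for the user the child will run as (normally from getpwuid()).
struct Account { std::string home, shell; };

// Build the child's environment from an allowlist instead of passing the
// caller's environment through. HOME and SHELL come from the target account,
// never from the invoking user; TMPDIR and anything else not listed is dropped.
Env sanitize_env(const Env &inherited, const Account &target) {
    static const std::set<std::string> keep = {"LANG", "LC_ALL", "TERM"}; // assumed allowlist
    Env out;
    for (const auto &kv : inherited)
        if (keep.count(kv.first))
            out[kv.first] = kv.second;
    out["HOME"] = target.home;
    out["SHELL"] = target.shell;
    out["PATH"] = "/usr/sbin:/usr/bin:/sbin:/bin"; // assumed fixed PATH
    return out;
}

// Look up the effective user's passwd entry; fall back to inert values.
Account account_for_euid() {
    if (const passwd *pw = getpwuid(geteuid()))
        return {pw->pw_dir, pw->pw_shell};
    return {"/nonexistent", "/bin/sh"};
}

// Constructed sample: what "sudo -E" could hand to a root process.
Env sample_sudo_E_env() {
    return {{"HOME", "/home/user"}, {"SHELL", "/usr/bin/zsh"},
            {"TMPDIR", "/home/user/tmp"}, {"GNUPGHOME", "/home/user/.gnupg"},
            {"LANG", "en_US.UTF-8"}, {"PATH", "/home/user/bin:/usr/bin"}};
}

int main() {
    Env env = sanitize_env(sample_sudo_E_env(), account_for_euid());
    for (const auto &kv : env)
        std::printf("%s=%s\n", kv.first.c_str(), kv.second.c_str());
    return 0;
}
```

The resulting map would be converted to an envp array and passed to execve() rather than letting the child inherit environ.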
