Package: gnupg-agent
Version: 2.0.25-1
Severity: minor
Dear Maintainer,
* What led up to the situation?
I wanted to enable coredumps for all crashing processes.
* What exactly did you do (or not do) that was effective (or ineffective)?
- /etc/security/limits.d/local-users-core.conf: @users soft core unlimited
- /etc/sysctl.d/local_kernel-core-pattern.conf: kernel.core_pattern = /coredumps/core.%e.%p
- mkdir /coredumps; chmod 777 /coredumps
- Restarted the system and logged in again.
* What was the outcome of this action?
Still no coredumps got generated, verified by these actions:
bernhard@debian:~$ export LANG=C
bernhard@debian:~$ ulimit -a | grep core
core file size (blocks, -c) 0
bernhard@debian:~$ cat main.c
//gcc -g -O0 main.c
int main()
{
return *(int*)0;
}
bernhard@debian:~$ gcc -g -O0 main.c
bernhard@debian:~$ ./a.out
Segmentation fault
* What outcome did you expect instead?
Core dumps get generated when a process crashes.
bernhard@debian:~$ export LANG=C
bernhard@debian:~$ ulimit -a | grep core
core file size (blocks, -c) unlimited
bernhard@debian:~$ cat main.c
//gcc -g -O0 main.c
int main()
{
return *(int*)0;
}
bernhard@debian:~$ gcc -g -O0 main.c
bernhard@debian:~$ ./a.out
Segmentation fault (core dumped)
-------------
As far as I observed these actions occur:
- kdm gets started and login credentials are entered
- due to "/etc/pam.d/kdm(-np): session required pam_limits.so"
the limits specified in /etc/security/limits.d/local-users-core.conf get
applied
- script /etc/kde4/kdm/Xsession gets executed which sources
- /etc/X11/Xsession which sources every file in /etc/X11/Xsession.d where the
environment STARTUP is concatenated. In 90gpg-agent STARTUP only gets changed
if $HOME/.gnupg/gpg.conf is configured to start the agent.
Finally in /etc/X11/Xsession.d/99x11-common_start the STARTUP environment gets
executed:
exec $STARTUP
While in my case $STARTUP contains this:
/usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/bernhard/.gnupg/gpg-agent-info-debian /usr/bin/dbus-launch --exit-with-session /usr/bin/startkde
- the exec starts the ssh-agent in the same process and "somehow" forks and
"somehow" the different agents get executed.
- the last /usr/bin/startkde starts the needed KDE processes.
In my opinion this is done this way because the different agents leave the
contact information as environment (e.g. GPG_AGENT_INFO, SSH_AUTH_SOCK ...)
and because all agents are spawned as the same process they have then
automatically the modified environment. Unfortunately the gpg-agent sets the
ulimit value and therefore all following processes get this value too.
-------------
Workarounds:
- When I temporarily removed /etc/X11/Xsession.d/90gpg-agent the desired
ulimit value stayed unmodified.
- When I rebuild the gnupg-agent agent and disable in agent/gpg-agent.c the
call to disable_core_dumps() I also get the ulimit value unmodified. (Which is
probably in place for security reasons)
- disable gpg-agent in $HOME/.gnupg/gpg.conf
- for an interactive terminal window one could enter "ulimit -c unlimited"
before starting other processes.
-------------
Possible ways of action (from my point of view):
- the call to disable_core_dumps() could probably be moved after the "detach"
from the original process (as far as I can see ssh-agent does it this way,
probably not wanted in gpg-agent because then secret information has already
been read into the process ...)
- the Xsession scripts have to take care that the limit is restored before the
call to /usr/bin/startkde (in which case the bug has to be forwarded to
x11-common)
Kind regards,
Bernhard
-- System Information:
Debian Release: jessie/sid
APT prefers testing-updates
APT policy: (990, 'testing-updates'), (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gnupg-agent depends on:
ii libassuan0 2.1.1-1
ii libc6 2.19-7
ii libgcrypt11 1.5.3-4
ii libgpg-error0 1.13-0.1
ii libpth20 2.0.7-19
ii libreadline6 6.3-6
ii pinentry-gtk2 [pinentry] 0.8.3-2
ii pinentry-qt4 [pinentry] 0.8.3-2
Versions of packages gnupg-agent recommends:
ii gnupg 1.4.18-2
ii gnupg2 2.0.25-1
ii gpgsm 2.0.25-1
gnupg-agent suggests no packages.
-- no debconf information
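
Added example, not part of the original report and not gnupg code: a small C program showing why the point at which RLIMIT_CORE is lowered decides whether the rest of the session inherits it. It assumes disable_core_dumps() lowers the soft limit to 0 and that the launcher forks off the daemon while the launcher itself goes on to exec the remaining command; the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Soft (hard = 0) or hard (hard = 1) RLIMIT_CORE of the calling process. */
rlim_t core_limit(int hard) {
    struct rlimit rl = {0, 0};
    getrlimit(RLIMIT_CORE, &rl);
    return hard ? rl.rlim_max : rl.rlim_cur;
}

/* Set the soft limit; value 0 is the assumed effect of disable_core_dumps(). */
static void set_soft_core(rlim_t value) {
    struct rlimit rl = {.rlim_cur = value, .rlim_max = core_limit(1)};
    setrlimit(RLIMIT_CORE, &rl);
}

/* Forks a throwaway launcher and stores in *seen the soft RLIMIT_CORE left on
   the side that would exec the rest of $STARTUP. Returns 0 on success. */
int session_core_limit(int clamp_before_fork, rlim_t *seen) {
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t launcher = fork();
    if (launcher == 0) {
        set_soft_core(core_limit(1));            /* known starting point */
        if (clamp_before_fork) set_soft_core(0); /* order seen in the report */
        pid_t agent = fork();
        if (agent == 0) {                        /* detached daemon side */
            if (!clamp_before_fork) set_soft_core(0);
            _exit(0);
        }
        waitpid(agent, NULL, 0);
        rlim_t soft = core_limit(0);             /* inherited across exec */
        _exit(write(fd[1], &soft, sizeof soft) < 0);
    }
    close(fd[1]);
    ssize_t n = launcher > 0 ? read(fd[0], seen, sizeof *seen) : -1;
    close(fd[0]);
    if (launcher > 0) waitpid(launcher, NULL, 0);
    return n == (ssize_t)sizeof *seen ? 0 : -1;
}

int main(void) {
    rlim_t before = 0, after = 0;
    if (session_core_limit(1, &before) || session_core_limit(0, &after)) return 1;
    printf("session soft limit: clamp before fork=%llu, after fork=%llu\n",
           (unsigned long long)before, (unsigned long long)after);
    return 0;
}
```

When the limit is lowered before the fork, the session side reports 0; when it is lowered only in the forked daemon, the session side keeps the limit it started with.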