race condition on ~/.gnupg/random_seed when signing
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnupg (Ubuntu) | Invalid | Medium | Unassigned |
Bug Description
Desired behaviour: Signing should always fail or succeed in a deterministic manner, or provide a distinctive error message if a system failure (e.g. out of memory) occurred.
Observed behaviour: Once in a while, when doing many concurrent signing operations under heavy load, you can get an error looking like the following:
gpg: fatal: can't read `/home/
secmem usage: 1472/1472 bytes in 4/4 blocks of pool 1472/32768
signature command exited with non-0 status (2)
command: gpg --clearsign --no-default-
Interpretation: the .gnupg/random_seed might be updated in an unsafe manner, leaving a race window where the file does not exist.
Security implications: None. Triggering the race requires write access to .gnupg. If an attacker has it, you have a way bigger problem.
Changed in gnupg:
status: New → Rejected
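The interpretation in the report assumes an update that leaves a window in which random_seed does not exist. As an added illustration (not GnuPG's code and not part of the original report; the function names and the file name random_seed.example are hypothetical), this C example shows the write-to-temp-then-rename pattern under which a concurrent reader sees either the old seed or the new one, never a missing file:

```c
/* Added example, not GnuPG code; all names here are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write the new seed to a private temp file next to `path`, then rename()
 * it over `path`. Returns 0 on success, -1 on any failure. */
int seed_update_atomic(const char *path, const void *buf, size_t len)
{
    char tmp[4096];
    int n = snprintf(tmp, sizeof tmp, "%s.tmp.%ld", path, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof tmp) return -1;
    /* O_EXCL refuses a leftover temp file; 0600 keeps the seed owner-only. */
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    const unsigned char *p = buf;
    int ok = 1;
    while (ok && len > 0) {
        ssize_t w = write(fd, p, len);
        if (w >= 0) { p += w; len -= (size_t)w; }
        else if (errno != EINTR) ok = 0;
    }
    if (ok && fsync(fd) != 0) ok = 0;          /* flush before it is visible */
    if (close(fd) != 0) ok = 0;
    if (ok && rename(tmp, path) != 0) ok = 0;  /* atomic swap of the target */
    if (!ok) unlink(tmp);
    return ok ? 0 : -1;
}

/* Reader side: returns the number of bytes read, or -1 if open/read fails. */
long seed_read(const char *path, void *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t r = read(fd, buf, cap);
    close(fd);
    return (long)r;
}

int main(void)
{
    char out[16] = {0};
    /* "constructed-seed" is a constructed 16-byte sample, not real seed data. */
    if (seed_update_atomic("random_seed.example", "constructed-seed", 16) != 0) return 1;
    long r = seed_read("random_seed.example", out, sizeof out);
    unlink("random_seed.example");
    return r == 16 ? 0 : 1;
}
```

The temp file must live in the same directory as the target, because rename() is only atomic within one file system.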