[exim-dev] gnutls / exim : gnome-keyring:: couldn't connect …

Author: Andreas Metzler
Date:  
To: exim-dev
Subject: [exim-dev] gnutls / exim : gnome-keyring:: couldn't connect to: /home/ametzler/.cache/keyring-vZ6lZn/pkcs11: Permission denied
Hello,

After the GnuTLS revamp it looks like PKCS#11 modules are
suddenly (unnecessarily) autoloaded and fail due to SUID:

ametzler@argenau:~$ mailq
ametzler@argenau:~$ gnome-keyring-daemon --start --components=pkcs11
GNOME_KEYRING_CONTROL=/home/ametzler/.cache/keyring-Blme9u
GNOME_KEYRING_PID=1274
ametzler@argenau:~$ export GNOME_KEYRING_CONTROL=/home/ametzler/.cache/keyring-Blme9u GNOME_KEYRING_PID=1274
ametzler@argenau:~$ mailq
WARNING: gnome-keyring:: couldn't connect to: /home/ametzler/.cache/keyring-Blme9u/pkcs11: Permission denied
ametzler@argenau:~$

The same behavior can also be reproduced with a SUID gnutls-cli[1].
Any idea on how to properly fix this?
cu andreas

[1]
argenau:~# cp /usr/bin/gnutls-cli /tmp/
argenau:~# chown nobody:nogroup /tmp/gnutls-cli
argenau:~# chmod ug+s /tmp/gnutls-cli
argenau:~# ls -l /tmp/gnutls-cli
-rwsr-sr-x 1 nobody nogroup 82156 Jun 23 08:58 /tmp/gnutls-cli
ametzler@argenau:~$ /tmp/gnutls-cli db.debian.org < /dev/null
WARNING: gnome-keyring:: couldn't connect to: /home/ametzler/.cache/keyring-Blme9u/pkcs11: Permission denied
[...]
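
Added example, not part of the original message and not code from exim or GnuTLS: in the transcripts above, the path in the warning is the exported GNOME_KEYRING_CONTROL value plus /pkcs11, a socket owned by the invoking user that the SUID binary's effective uid cannot open. The sketch below shows one possible way for a SUID/SGID program to detect that condition and drop those inherited session variables before any TLS library initialisation; the function names are hypothetical, and whether this suits exim is an assumption.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* for unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Session-scoped variables taken from the report above. They describe
 * resources of the invoking (real) user, not of the effective uid/gid. */
static const char *const session_vars[] = {
    "GNOME_KEYRING_CONTROL",
    "GNOME_KEYRING_PID",
};

/* True when effective ids differ from real ids, i.e. the situation a
 * SUID/SGID binary (mailq, or the copied gnutls-cli) runs in. */
int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

int running_elevated(void)
{
    return ids_differ(getuid(), geteuid(), getgid(), getegid());
}

/* When elevated, remove the inherited session variables so that library
 * code loaded later cannot pick them up. Returns how many were removed. */
int scrub_session_env(int elevated)
{
    int removed = 0;
    if (!elevated)
        return 0;
    for (size_t i = 0; i < sizeof session_vars / sizeof session_vars[0]; i++) {
        if (getenv(session_vars[i]) != NULL && unsetenv(session_vars[i]) == 0)
            removed++;
    }
    return removed;
}

int main(void)
{
    int elevated = running_elevated();
    int removed = scrub_session_env(elevated);
    printf("elevated=%d scrubbed=%d\n", elevated, removed);
    /* TLS library initialisation would follow here (assumption). */
    return 0;
}
```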