Bug 441957 - kleopatra: Creates unsafe ~/.gnupg when not already present
Summary: kleopatra: Creates unsafe ~/.gnupg when not already present
Status: RESOLVED FIXED
Alias: None
Product: kleopatra
Classification: Applications
Component: general (show other bugs)
Version: 3.1.12
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Andre Heinecke
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-09-03 17:52 UTC by Rex Dieter
Modified: 2021-09-23 08:26 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In: 21.08.2
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rex Dieter 2021-09-03 17:52:58 UTC
Tested with:
$ kleopatra --version
kleopatra 3.1.12 (20.12.2)

on fedora 34.  Received downstream report,
"kleopatra: Creates unsafe ~/.gnupg when not already present"
https://bugzilla.redhat.com/show_bug.cgi?id=2000292

That I think I have confirmed.

If you let gpg2 (and friends) create a fresh ~/.gnupg , ownership/perms as such:
$ gpg2
gpg: directory '/home/rdieter/.gnupg' created
gpg: keybox '/home/rdieter/.gnupg/pubring.kbx' created
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: Go ahead and type your message ...

$ ls -ld ~/.gnupg
drwx------. 1 rdieter rdieter 92 Sep  3 12:51 /home/rdieter/.gnupg

But if that dir doesn't exist and I start kleopatra, I end up with:
$ ls -ld ~/.gnupg*
drwxrwxr-x. 1 rdieter rdieter 98 Sep  3 12:28 /home/rdieter/.gnupg
Comment 1 Norbert Preining 2021-09-21 00:15:42 UTC
Same on Debian, and same with 20.12 - 21.04 - 21.08
Comment 2 Andre Heinecke 2021-09-23 08:26:30 UTC
Thanks for the report. We were able to reproduce it and have fixed this.