Bug #17111
gpg updating (flooded) public keys in the background
Description
Today I caught gpg checking for one of the flooded OpenPGP keys in the background.
It had been running at 100% CPU for more than 30 minutes before I killed it. Before that, the same operation killed my laptop by overheating a few hours earlier.
The command that I got from a ps listing was:
/usr/bin/gpg --charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --no-emit-version --no-comments --display-charset utf-8 --keyserver-options no-auto-key-retrieve --batch --no-tty --no-verbose --status-fd 2 --keyserver hkp://jirk5u4osbsr34t5.onion:11371 --recv-keys EE8192A6E443D6D8
EE8192A6E443D6D8 is the key of Patrick Brunschwig <patrick@brunschwig.net>, author of Enigmail, and reported as flooded. See https://anarc.at/blog/2019-07-30-pgp-flooding-attacks/.
I definitely didn’t trigger this action myself.
Also note that some weeks ago, as gpg was doing some other extreme CPU operations (when checking the trust db), I rebuilt my keyring from scratch by importing all public and private keys manually again.
The version of EE8192A6E443D6D8 that I have in my keyring only has 1333 signatures so it’s not the flooded version.
gpg in Tails shouldn’t try to fetch possibly flooded keys in the background as it can lead to hardware damage and data loss.
Setting priority to Elevated as it is a regression with possibly harmful consequences.
History
#1 Updated by intrigeri 2019-10-02 07:08:04
- Subject changed from gpg updating (floaded) public keys in the background to gpg updating (flooded) public keys in the background
- Description updated
- Status changed from Confirmed to Resolved
- Target version set to Tails_4.0
The current builds from the devel branch, on which 4.0 will be based, include gnupg 2.2.12-1+deb10u1, whose NEWS.Debian reads:
In this version we adopt GnuPG's upstream approach of making keyserver
access default to self-sigs-only. This defends against receiving
flooded OpenPGP certificates. To revert to the previous behavior (not
recommended!), add the following directive to ~/.gnupg/gpg.conf:
keyserver-options no-self-sigs-only
⇒ already fixed on the devel branch, thanks to upstream + dkg :)
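
Added example, not part of the ticket and not Tails or GnuPG code: shell functions that count third-party signatures per key in `gpg --with-colons --list-sigs` output, to spot an oversized copy in a keyring, and that detect a gpg.conf reverting the default with `no-self-sigs-only`. The function names, the default threshold and the sample listing are assumptions constructed for illustration.

```shell
# Added example, not from the ticket. Function names, the default
# threshold and the sample listing are constructed for illustration.
# Read `gpg --with-colons --list-sigs` output on stdin and print
# "<primary keyid> <count>" of signatures issued by other keys.
# Field 1 is the record type; field 5 is the key ID (issuer for sig).
count_third_party_sigs() {
    awk -F: '
        $1 == "pub" { key = $5; order[++n] = key; count[key] = 0 }
        $1 == "sig" && key != "" && $5 != key { count[key]++ }
        END { for (i = 1; i <= n; i++) print order[i], count[order[i]] }
    '
}

# Print key IDs whose third-party signature count exceeds the limit.
flag_oversized() {
    limit=${1:-10000}   # assumed default, tune for your keyring
    count_third_party_sigs | awk -v limit="$limit" '$2 > limit { print $1 }'
}

# Exit 0 if a gpg.conf has an active (uncommented) keyserver-options
# line containing no-self-sigs-only, i.e. reverts the Debian default.
conf_reverts_self_sigs_only() {
    awk '
        $1 == "keyserver-options" {
            for (i = 2; i <= NF; i++) {
                n = split($i, opts, ",")
                for (j = 1; j <= n; j++)
                    if (opts[j] == "no-self-sigs-only") found = 1
            }
        }
        END { exit !found }
    ' "$1"
}

# Constructed, abbreviated colon listing: two keys, fake key IDs.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::scESC:
uid:-::::1500000000::::Alice (constructed) <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1500000000::::Alice:13x:
sig:::1:BBBBBBBBBBBBBBBB:1500000001::::[User ID not found]:10x:
sig:::1:CCCCCCCCCCCCCCCC:1500000002::::[User ID not found]:10x:
sub:-:4096:1:DDDDDDDDDDDDDDDD:1500000000::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1500000000::::Alice:18x:
pub:-:4096:1:EEEEEEEEEEEEEEEE:1500000000:::-:::scESC:
uid:-::::1500000000::::Bob (constructed) <bob@example.org>:
sig:::1:EEEEEEEEEEEEEEEE:1500000000::::Bob:13x:
EOF
}
```

On a real keyring, pipe `gpg --with-colons --list-sigs` into `flag_oversized` and run `conf_reverts_self_sigs_only` against `~/.gnupg/gpg.conf`.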