Risk Assessment
Edward S. Marshall
emarshal at logic.net
Sat Oct 24 00:42:13 CEST 1998
On Thu, 22 Oct 1998, brian moore wrote:
> This is true, but not needed in this case: generate the keys on the
> windows machine. The remote system only needs the public key, not the
> secret key.
Good point. Going back and reading his original post, I really must have
been asleep at the wheel when I wrote that.
> > What is the root of the technical requirement here for root ownership (and
> > presumably suid permissions)? I must -really- be missing something here...
>
> gdb gpg <pid>
True, but to exploit this, you'd need to have already compromised the
system to the point where you could execute code as the user. That's a
pretty significant wedge to get ahold of.
--
Edward S. Marshall <emarshal at logic.net> http://www.logic.net/~emarshal/ -o)
------------------------------------------------------ ----- ---- --- -- - /\\
Who'd have thought that we'd be freed from the Gates of hell by a penguin? _\_v
More information about the Gnupg-devel
mailing list