Risk Assessment

Edward S. Marshall emarshal at logic.net
Sat Oct 24 00:42:13 CEST 1998

On Thu, 22 Oct 1998, brian moore wrote:
> This is true, but not needed in this case: generate the keys on the
> windows machine.  The remote system only needs the public key, not the
> secret key.

Good point. Going back and reading his original post, I really must have
been asleep at the wheel when I wrote that.

> > What is the root of the technical requirement here for root ownership (and
> > presumably suid permissions)? I must -really- be missing something here...
> gdb gpg <pid>

True, but to exploit this, you'd need to have already compromised the
system to the point where you could execute code as the user. That's a
pretty significant wedge to get ahold of.

Edward S. Marshall <emarshal at logic.net>    http://www.logic.net/~emarshal/  -o)
------------------------------------------------------ ----- ---- --- -- -  /\\
Who'd have thought that we'd be freed from the Gates of hell by a penguin? _\_v

More information about the Gnupg-devel mailing list