signing --load extensions ?

Brian Warner warner at
Wed Sep 23 01:50:03 CEST 1998

wk at (Werner Koch) writes:
> Walter Koch <w.koch at> writes:
> > does it make sense to sign the loadable extension code? 
> > 
> > Otherwise it would be easy to put an trojan extension named e.g. 
> > "tiger" instead of the true one into the extension "path"?
> No.  You would also have to sign /lib/libc*, the gnupg executables
> and of course the kernel (and the Xserver and ....).  
> To avoid trojan horses, the program should be installed with owner root
> and the sysadmin should install tripwire to detect changed code.
> Werner 

Plus, there isn't an extension "path".. there's only the one hardcoded
directory, or you can use --load-extension with an explicit filename. So it
would be very hard to accidentally use an untrusted extension.


More information about the Gnupg-devel mailing list