Questions about GPGME / GnuPG library

[Olaf Trygve Berglihn]

Nils at InfoSun.FMI.Uni-Passau.De (Nils Ellmenreich) writes:

> >>>"OTB" == Olaf Trygve Berglihn <olafb at pvv.org> writes:
> 
>  OTB> Root is root is root is root, i.e. if you can exploit to become root,
>  OTB> then you could swap the gnupg-binary, the shell-binary or
>  OTB> whatever.
> 
> Not quite, gpg drops root priviledges as soon as protected memory has
> been reserved. <...>

I think you're missing my point. It is not whether a setuid gnupg
drops priviledges or not. Beeing root, I could easily scan your gpg
process, read your keyboard input, or more interesting: just replace
the gnupg binary with a trojan. It would't help you a tiny bit that
you're not using a gpg (statically or dynamically linked) that was not
implemented in a more api-friendly fashion or not. So much for
"protecting the environment".

> Having said that, the best way would be to have OS support for
> secure memory in non-root applications ...

I agree.

Olaf
-- 
Olaf Trygve Berglihn <olafb at pvv.org>