Alternate egd socket
Alexander Zimmermann
Alexander.Zimmermann at fmi.uni-passau.de
Fri Feb 11 09:17:55 CET 2000
On 10 Feb, Werner Koch wrote:
> On Thu, 10 Feb 2000, Dave Dykstra wrote:
>
>> Yes, it is. Do you agree that it is a security problem if you let any user
>> create the /tmp/entropy to be shared by everybody?
>
> Sure. Maybe it is better to put it into /var/lib/egd/entropy as /etc
> may be read-only, but I don't know about file system standards on other
> systems aside from GNU and Linux.
>
At the moment I start EGD in runlevel 2 with uid root and socket
/tmp/.gnupg/entropy. Therefore /tmp/.gnupg/entropy exists before any
user has the chance to log in, and /tmp/.gnupg only has write permission
for root itself.
> Better get at least _some_ bytes from EGD and use an option to disable
> it entirely.
That would be cool, as it's really annoying waiting more than 1 minute
to get 1kB encrypted.
Thanx
--
Alexander
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Alexander.Zimmermann at FMI.Uni-Passau.De | for PGP public key finger
http://www.fmi.uni-passau.de/~zimmerma | zimmerma at kirk.fmi.uni-passau.de
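
The layout described in the message above (a directory under /tmp that only root can write to, holding the EGD socket) can be verified by a client before it connects. The following Python check is an added example, not part of the original post and not code from GnuPG or EGD; the names `check_egd_socket` and `demo`, the trusted-UID parameter and the scratch directory layouts are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile


def check_egd_socket(path, trusted_uids=(0,)):
    """Return a list of problems with an EGD socket path (empty list = OK)."""
    sock_dir = os.path.dirname(os.path.abspath(path))
    parent = os.path.dirname(sock_dir)
    try:  # lstat() so that a symlink planted in the path is not followed
        st_sock, st_dir, st_par = (os.lstat(p) for p in (path, sock_dir, parent))
    except OSError as exc:
        return ["cannot stat path: %s" % exc]
    problems = []
    if not stat.S_ISSOCK(st_sock.st_mode):
        problems.append("%s is not a socket" % path)
    if st_sock.st_uid not in trusted_uids:
        problems.append("socket owned by untrusted uid %d" % st_sock.st_uid)
    if not stat.S_ISDIR(st_dir.st_mode):
        problems.append("%s is not a real directory" % sock_dir)
    if st_dir.st_uid not in trusted_uids:
        problems.append("directory owned by untrusted uid %d" % st_dir.st_uid)
    if st_dir.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("%s is writable by group or others" % sock_dir)
    # A world-writable parent such as /tmp is acceptable only with the sticky
    # bit, which stops other users from renaming or removing the directory.
    if st_par.st_mode & stat.S_IWOTH and not st_par.st_mode & stat.S_ISVTX:
        problems.append("%s is world-writable without sticky bit" % parent)
    return problems


def demo():
    """Build three constructed layouts in a scratch dir and check each one."""
    uid = os.geteuid()  # assumption: the current user stands in for root
    base = tempfile.mkdtemp()
    layouts = (("good", 0o1777, 0o755),       # like /tmp plus root-only .gnupg
               ("open_dir", 0o1777, 0o777),   # .gnupg writable by everyone
               ("no_sticky", 0o777, 0o755))   # parent lacks the sticky bit
    results = {}
    for name, parent_mode, dir_mode in layouts:
        sock_dir = os.path.join(base, name, ".gnupg")
        os.makedirs(sock_dir)
        os.chmod(os.path.dirname(sock_dir), parent_mode)
        os.chmod(sock_dir, dir_mode)
        path = os.path.join(sock_dir, "entropy")
        with socket.socket(socket.AF_UNIX) as srv:
            srv.bind(path)  # creates the socket file, as the daemon would
        results[name] = check_egd_socket(path, trusted_uids=(uid,))
    return results
```

With the default `trusted_uids=(0,)` the check matches the root-started daemon described in the message; `demo()` substitutes the current user only so that the constructed layouts can be built without privileges.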