GPG agent for W32

Dirk Meyer dirk.meyer at dinoex.sub.org
Mon May 14 07:26:01 CEST 2001


Bernd Eckenfels wrote:,

> > As a solution I used a socket together with the loopback
> > interface 127.0.0.1. Now my question, in my opinion to use
> > the 'lo' device prevent users to connect to the used port
> > from the network. Do I miss something or is there a way to
> > connect from outside this machine?
> 
> It is quite secure to use the 127.0.0.1 so nobody from outside can connect
> to it. But since everybody from this local machine can connect to the socket
> you need to think about securing the access to the agent anyway. One bad
> thing about TCP sockets is, that you cant to credential passing as you can
> do with other IPCs like Unix-Domain or Named Pipes.

Allow me to object, this is not secure.
If an attacker can sent a router to you,
he can send packges with destination "127.0.0.1" to you and
connect to your services.

Full Article:
http://www.securityfocus.com/templates/archive.pike?list=1&mid=166648&_ref=1024013255&_ref=430544357

kine regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany




More information about the Gnupg-devel mailing list