[Patch] Permissions checking and warnings
Bob Luckin
bob at ti.com
Tue May 22 19:32:02 CEST 2001
On Tue, May 22, 2001 at 05:00:53AM +0300, Lefteris Chatzibarbas wrote:
> Ok, this new patch checks permissions of the homedir (700), all secret
> keyrings (600) and random seed file (600).
If this is the user's homedir you are checking, then I would say that 700
may be too restrictive (the problem is that this is really a matter of
individual taste...) However, if by homedir, you mean ~/.gnupg or its
equivalent, then I have no problem with that.
> It also adds a command line option "--no-permissions-check" that skips all
> the permission checks.
>
> I think that when someone finds the permissions strict can just disable the
> warnings and set modes in whatever way he wants, because most certainly he
> knows what he's doing (ie. acknowledges the security risks of allowing access to
> secring.gpg).
>
> Eager to receive comments/suggestions/anything...
You might consider whether it is worth having additional switches which just
disable the check for a single test, eg. "--no-seed-permissions-check".
I'm not sure whether there is a general desire for this or not; I just
wanted to raise the issue in case you hadn't already thought of it...
Cheers, Bob
--
Bob Luckin bob at ti.com
More information about the Gnupg-devel
mailing list