[Patch] Permissions checking and warnings

Bob Luckin bob at ti.com
Tue May 22 19:32:02 CEST 2001

On Tue, May 22, 2001 at 05:00:53AM +0300, Lefteris Chatzibarbas wrote:
> Ok, this new patch checks permissions of the homedir (700), all secret
> keyrings (600) and random seed file (600).

If this is the user's homedir you are checking, then I would say that 700
may be too restrictive (the problem is that this is really a matter of
individual taste...)  However, if by homedir, you mean ~/.gnupg or its
equivalent, then I have no problem with that.

> It also adds a command line option "--no-permissions-check" that skips all
> the permission checks.
> I think that when someone finds the permissions strict can just disable the
> warnings and set modes in whatever way he wants, because most certainly he
> knows what he's doing (ie. acknowledges the security risks of allowing access to
> secring.gpg).
> Eager to receive comments/suggestions/anything...

You might consider whether it is worth having additional switches which just
disable the check for a single test, eg. "--no-seed-permissions-check".
I'm not sure whether there is a general desire for this or not; I just
wanted to raise the issue in case you hadn't already thought of it...

Cheers, Bob
Bob Luckin      bob at ti.com

More information about the Gnupg-devel mailing list