Check for file permissions is rather weak

Christian Biere gnupg-devel@gnupg.org
Tue Dec 10 17:20:02 2002


--61jdw2sOBCFtR2d/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi,

when I use the option '--options' gpg checks whether the given file is
owned by me or root. It also checks whether this file is writeable by
others than me or root. This check is performed for the directory of this
file, too. However, gpg does not verify any permissions above the
directory the file is member of. Therefore, these checks are not
very satifying, as someone could mv this directory away and replace it
with something else.

Christian

--61jdw2sOBCFtR2d/
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (SunOS)

iQCVAwUBPfYUcd/kIoG9jxf5AQHP3wP9FyrZ+sRTOOilUefD+4zSLrvUt+JIORxy
OVHtELJuDIO/nquz9E9iTCsbDeYjr53cPPjSNKNooXw0kc/Zwbq6bdCkEhxgFdQd
En91caTKVS7b+evip7GLlHbtxGWn/J5vNhyGqiliRozFuzkESW/ILgJGoekIg+Ui
YI+jqRVGBDc=
=e0ZK
-----END PGP SIGNATURE-----

--61jdw2sOBCFtR2d/--