Check for file permissions is rather weak
David Shaw
dshaw@jabberwocky.com
Tue Dec 10 17:48:01 2002
On Tue, Dec 10, 2002 at 05:21:06PM +0100, Christian Biere wrote:
> Hi,
>
> when I use the option '--options' gpg checks whether the given file is
> owned by me or root. It also checks whether this file is writeable by
> others than me or root. This check is performed for the directory of this
> file, too. However, gpg does not verify any permissions above the
> directory the file is a member of. Therefore, these checks are not
> very satisfying, as someone could mv this directory away and replace it
> with something else.

That is correct. There is even a comment about this in the code. It
was something that was considered at the time, but after a while I
relaxed the permission warnings as there are countless ways that
people configure their systems, and the permissions check was coming
up with false alarms for valid configurations.

The permissions check is only one more check that should be combined
with a generally rational system setup. Without that base level,
GnuPG can't be secure anyway (say, if the gpg binary or its enclosing
directory was world-writable, or something like that).

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
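
The gap discussed in this thread is that only the options file and its enclosing directory are examined, not the directories above them. The following C code is an added example, not GnuPG's code and not written by either poster: it checks the file and every ancestor up to a trusted top directory and rejects symlinked components. The names `check_chain` and `component_ok` and the strict owner/no-group-or-other-write policy are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed policy for this added example (not GnuPG code): a component must
   be owned by `me` or root and must not be writable by group or other. */
static int component_ok(const struct stat *st, uid_t me)
{
    return (st->st_uid == me || st->st_uid == 0) &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Check `path` and each ancestor up to and including `top` (both absolute,
   canonical). Returns 0, or -1 with the failing component in `bad`. */
int check_chain(const char *path, const char *top, uid_t me,
                char *bad, size_t badlen)
{
    char buf[PATH_MAX];
    struct stat st;
    size_t toplen = strlen(top);
    snprintf(bad, badlen, "%s", path);
    if (path[0] != '/' || top[0] != '/' || strlen(path) >= sizeof buf ||
        strncmp(path, top, toplen) != 0)
        return -1;
    strcpy(buf, path);
    for (;;) {
        snprintf(bad, badlen, "%s", buf);
        if (lstat(buf, &st) || S_ISLNK(st.st_mode) || !component_ok(&st, me))
            return -1;
        if (strlen(buf) <= toplen)
            return 0;              /* reached the trusted top */
        char *slash = strrchr(buf, '/');
        if (slash == buf)
            slash++;               /* parent is the root directory */
        *slash = '\0';             /* step up one directory */
    }
}

int main(int argc, char **argv)
{
    char bad[PATH_MAX] = "(usage: one absolute path)";
    if (argc == 2 && check_chain(argv[1], "/", getuid(), bad, sizeof bad) == 0)
        return 0;
    fprintf(stderr, "unsafe ownership or mode: %s\n", bad);
    return 1;
}
```

The verdict only holds for the moment of the call, and a strict policy like this one also warns on group-writable parent directories.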