Check for file permissions is rather weak
Christian Biere
Gnupg-devel@gnupg.org
Wed Dec 11 11:14:01 2002
--E39vaYmALEf/7YXx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Marcus Brinkmann schrieb:
> How do you replace it with something owned by you or root without being you
> or root in the first place?
The options file might be located in /usr/gnu/share/gnupg with share
writeable for group. Now, anyone of this group could replace gnupg
with another directory owned by me or root. Maybe he finds the one
I used for testing with not-so-good settings. Of course, in this
scenario we have more than one problem but gpg pretends it has
checked the situation and found no problems.
Christian
--E39vaYmALEf/7YXx
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (SunOS)
iQCVAwUBPfcQG9/kIoG9jxf5AQEnQgP/bjNUHfdlxttMtjqn4tuKKAhBdUDhm4Pk
RdUsVQXnYuUEuXG98T34OvZrfDFJj1DSHh7DanPf/U1ArpHvL6MO9WTe2OtDu1Fm
I8Y+L/y2eq5k5lQ0LcMOXI15fBVq9Gq8HwJrZQk05bbzE79YEP7B/VeIREONHgz+
9Ia/pSV2QcU=
=0t5k
-----END PGP SIGNATURE-----
--E39vaYmALEf/7YXx--