Check for file permissions is rather weak
David Shaw
dshaw@jabberwocky.com
Thu Dec 12 04:08:01 2002
On Wed, Dec 11, 2002 at 11:14:51AM +0100, Christian Biere wrote:
> Marcus Brinkmann wrote:
> > How do you replace it with something owned by you or root without being you
> > or root in the first place?
>
> The options file might be located in /usr/gnu/share/gnupg with share
> writeable for group. Now, anyone of this group could replace gnupg
> with another directory owned by me or root. Maybe he finds the one
> I used for testing with not-so-good settings. Of course, in this
> scenario we have more than one problem but gpg pretends it has
> checked the situation and found no problems.
It is wrong to assume that the permissions check in GnuPG is intended
to be authoritative. It's not. Given the threat that the permissions
check is intended to address (protect you from another user on the
same machine), there are countless ways to subvert the system. The
permission check is only intended to give a warning for some common
problems.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
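
The scenario in the quoted text (a group-writable directory above the options file) as an added example; it is not part of the original message and is not GnuPG's code. It walks every ancestor of a file and reports components another local user could replace; `audit_path`, `demo` and the temporary layout are hypothetical names and constructed data, and like the check under discussion it yields warnings, not a guarantee.

```python
import os
import stat
import tempfile


def audit_path(path, trusted_uids=None):
    """Warn about `path` and every ancestor that another local user could replace."""
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}  # assumption: only root and the caller are trusted
    findings = []
    current = os.path.abspath(path)
    while True:
        st = os.lstat(current)  # lstat so a symlinked component is reported, not followed
        if stat.S_ISLNK(st.st_mode):
            findings.append((current, "symlink"))
        else:
            if st.st_uid not in trusted_uids:
                findings.append((current, "untrusted owner"))
            loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            # A sticky directory (like /tmp) stops others renaming entries they do not own.
            sticky = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
            if loose and not sticky:
                findings.append((current, "group/world writable"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    return findings


def demo():
    """Constructed layout mirroring .../share/gnupg/options with a group-writable share."""
    base = os.path.realpath(tempfile.mkdtemp())
    share = os.path.join(base, "share")
    gnupg = os.path.join(share, "gnupg")
    os.makedirs(gnupg)
    options = os.path.join(gnupg, "options")
    open(options, "w").close()
    os.chmod(options, 0o600)
    os.chmod(gnupg, 0o700)
    os.chmod(share, 0o775)
    # Report only components inside the constructed tree.
    return share, [f for f in audit_path(options) if f[0].startswith(base + os.sep)]


if __name__ == "__main__":
    print(demo())
```

The file and its own directory pass a file-plus-parent check here; only the walk up to `share` surfaces the problem.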