Check for file permissions is rather weak

Christian Biere cbiere at TechFak.Uni-Bielefeld.DE
Tue Dec 10 17:20:02 CET 2002


when I use the option '--options' gpg checks whether the given file is
owned by me or root. It also checks whether this file is writeable by
others than me or root. This check is performed for the directory of this
file, too. However, gpg does not verify any permissions above the
directory the file is member of. Therefore, these checks are not
very satifying, as someone could mv this directory away and replace it
with something else.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 303 bytes
Desc: not available
Url : /pipermail/attachments/20021210/57810cf3/attachment.bin

More information about the Gnupg-devel mailing list