Check for file permissions is rather weak

David Shaw dshaw at
Tue Dec 10 17:48:01 CET 2002

On Tue, Dec 10, 2002 at 05:21:06PM +0100, Christian Biere wrote:
> Hi,
> when I use the option '--options' gpg checks whether the given file is
> owned by me or root. It also checks whether this file is writeable by
> others than me or root. This check is performed for the directory of this
> file, too. However, gpg does not verify any permissions above the
> directory the file is member of. Therefore, these checks are not
> very satifying, as someone could mv this directory away and replace it
> with something else.

That is correct.  There is even a comment about this in the code.  It
was something that was considered at the time, but after a while I
relaxed the permission warnings as there are countless ways that
people configure their systems, and the permissions check was coming
up with false alarms for valid configurations.

The permissions check is only one more check that should be combined
with a generally rational system setup.  Without that base level,
GnuPG can't be secure anyway (say, if the gpg binary or its enclosing
directory was world-writable, or something like that).


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list