Check for file permissions is rather weak

Christian Biere cbiere at TechFak.Uni-Bielefeld.DE
Wed Dec 11 11:14:01 CET 2002


Marcus Brinkmann wrote:
> How do you replace it with something owned by you or root without being you
> or root in the first place?

The options file might be located in /usr/gnu/share/gnupg with share
writeable for group. Now, anyone of this group could replace gnupg
with another directory owned by me or root. Maybe he finds the one
I used for testing with not-so-good settings. Of course, in this
scenario we have more than one problem but gpg pretends it has
checked the situation and found no problems.

Christian