GnuPG 1.1.90 released
Adrian 'Dagurashibanipal' von Bidder
avbidder@fortytwo.ch
Wed Jul 3 09:45:01 2002
--=-QYZWV2QoFNxSJPWAM7+j
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
[ ... module-path ... careful: gpg might be corrupted if malicious
modules are loaded ... ]
While I agree with David Champion's point that this would be the user's
(or admin's) problem, how about gpg verifying extensions before loading?
Assumed the location where the secring is stored is safe, signatures of
the modules could be stored there, too. gpg would then only load
extensions properly signed by a trusted signature.
(Of course gpg binary could be protected that way, too, but you'd have a
hen-egg problem then. Also, this assumes that at least this type of
signatures can be verified without any extensions loaded.).
Just an idea.
cheers
-- vbi
--=20
secure email with gpg http://fortytwo.ch/gpg
--=-QYZWV2QoFNxSJPWAM7+j
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQA9IqvOwj49sl5Lcx8RAgu4AJwL72CpLPdXJmaK50iMToi0EZV5RQCcDHEw
JCS4rGDOHdcbLnsFBrQQfCA=
=bYsX
-----END PGP SIGNATURE-----
--=-QYZWV2QoFNxSJPWAM7+j--