GnuPG 1.1.90 released

Ian Jackson ijackson at chiark.greenend.org.uk
Wed Jul 3 16:17:02 CEST 2002


David Shaw writes ("Re: GnuPG 1.1.90 released"):
> The photo viewers and keyserver helpers run in a separate process, and
> inherit nothing except stdin/stdout from the GnuPG process.  The
> interface was intentionally written to make sure that there was
> nothing that an executed program could do to GnuPG that the user could
> not do on the command line.

The helpers can ptrace the gnupg process (if gnupg is not set-id) or
the user's terminal emulator, or preempt gnupg's terminal input, or
fake up terminal input using fancy tty ioctls, or change the user's
configuration to run a trojanned version of gnupg, or ...

There is no point attempting to defend against malicious code running
with the same UN*X uid.

Likewise, there is no point attempting to defend against malicious
environment variables or configuration files.  It might be useful to
try to detect certain common mistakes, but it's not at all clear that
putting untrustworthy directories on various paths is going to be a
very common mistake.  Certainly if it is, PATH is much more likely to
be involved than the gnupg module loading path!

Ian.
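
Added example, not part of the original message and not GnuPG code: a conservative audit of a colon-separated search path (PATH, or a module loading path) for the "untrustworthy directories" mistake discussed above, flagging entries that a different uid could alter. The function names and the policy (owner must be root or the user, no group/other write, sticky ancestors tolerated) are assumptions of this sketch; it does nothing about code already running under the same uid.

```python
import os
import stat


def dir_problems(entry, uid):
    """Return reasons one search-path entry could be altered by another uid."""
    if not entry or not os.path.isabs(entry):
        # Empty and relative entries resolve against the current directory.
        return [f"{entry!r}: relative or empty entry"]
    problems = []
    start = cur = os.path.realpath(entry)
    while True:
        try:
            st = os.stat(cur)
        except (FileNotFoundError, NotADirectoryError):
            st = None  # missing entry: whoever controls a parent could create it
        if st is not None:
            if st.st_uid not in (0, uid):
                problems.append(f"{cur}: owned by uid {st.st_uid}")
            loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            # A sticky ancestor such as /tmp does not let others rename our
            # subdirectory, so it is tolerated above the entry, not as the entry.
            if loose and (cur == start or not st.st_mode & stat.S_ISVTX):
                problems.append(f"{cur}: writable by group or others")
        parent = os.path.dirname(cur)
        if parent == cur:
            return problems
        cur = parent


def audit_search_path(value, uid=None):
    """Map each entry of a colon-separated search path to its problems."""
    uid = os.getuid() if uid is None else uid
    return {e: p for e in value.split(os.pathsep) if (p := dir_problems(e, uid))}


if __name__ == "__main__":
    for entry, problems in audit_search_path(os.environ.get("PATH", "")).items():
        for problem in problems:
            print(f"PATH entry {entry!r}: {problem}")
```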



