GnuPG 1.1.90 released
Ian Jackson
ijackson at chiark.greenend.org.uk
Wed Jul 3 19:57:01 CEST 2002
David Shaw writes ("Re: GnuPG 1.1.90 released"):
> Right. I said all this in my original post. "...nothing that an
> executed program could do to GnuPG that the user could not do on the
> command line." This is not news. This was a design goal.
>
> A malicious extension however runs within the GnuPG address
> space. Forget malicious code running with the same uid - this is
> malicious code running within the process!
You are still confused.
There is NEGLIGIBLE additional exposure if malicious code runs in the
same address space, compared to having it running as a subprocess as
the same user. The *only* difference is that the malicious code
might, if gnupg was set-id, have to wait for the user to invoke gnupg
a second time.
> My current inclination is that doing this is ok, but to add permission
> and ownership checks on the enclosing directory to go along with the
> existing ownership check of the extension file itself. That can at
> least catch obvious configuration mistakes. Werner, what do you
> think?
Blow your foot off checks are sensible.
Ian.
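As an added example (not GnuPG's own code), the ownership and permission check David Shaw proposes above, applied to both the extension file and the directory enclosing it; the function names `extension_path_is_safe` and `demo_check` and the scratch path under `/tmp` are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if `path` is a regular file (or a directory when want_dir), owned by
 * `uid` or root, and not group/world-writable; lstat() rejects symlinks. */
static int safe_owner_and_mode(const char *path, uid_t uid, int want_dir)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    if (want_dir ? !S_ISDIR(st.st_mode) : !S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != uid && st.st_uid != 0)
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* The check: both the extension file and its enclosing directory must
 * pass, since anyone who can write either can put code in the process. */
int extension_path_is_safe(const char *path)
{
    char buf[4096];
    uid_t uid = getuid();
    if (strlen(path) >= sizeof buf || !safe_owner_and_mode(path, uid, 0))
        return 0;
    strcpy(buf, path);            /* dirname() may modify its argument */
    return safe_owner_and_mode(dirname(buf), uid, 1);
}

/* Demonstration helper (constructed): scratch dir with mode `dmode`
 * holding "ext.so" with mode `fmode`; returns the verdict, -1 on setup error. */
int demo_check(mode_t dmode, mode_t fmode)
{
    char dir[] = "/tmp/extchkXXXXXX", file[64];
    int fd, ok;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(file, sizeof file, "%s/ext.so", dir);
    if ((fd = open(file, O_WRONLY | O_CREAT, 0600)) < 0) return -1;
    close(fd);
    chmod(file, fmode); chmod(dir, dmode);
    ok = extension_path_is_safe(file);
    chmod(dir, 0700); unlink(file); rmdir(dir);   /* restore and clean up */
    return ok;
}
```

A private directory holding a non-writable file passes; a group- or world-writable directory or file is rejected even though the file's owner is correct.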