GnuPG 1.1.90 released

Ian Jackson ijackson at
Wed Jul 3 19:57:01 CEST 2002

David Shaw writes ("Re: GnuPG 1.1.90 released"):
> Right.  I said all this in my original post.  "...nothing that a
> executed program could do to GnuPG that the user could not do on the
> command line."  This is not news.  This was a design goal.
> A malicious extension however runs within the GnuPG address
> space. Forget malicious code running with the same uid - this is
> malicious code running within the process!

You are still confused.

There is NEGLIBIBLE addition exposure if malicious code runs in the
same address space, compared to having it running as a subprocess as
the same user.  The *only* difference is that the malicious code
might, if gnupg was set-id, have to wait for the user to invoke gnupg
a second time.

> My current inclination is that doing this is ok, but to add permission
> and ownership checks on the enclosing directory to go along with the
> existing ownership check of the extension file itself.  That can at
> least catch obvious configuration mistakes.  Werner, what do you
> think?

Blow your foot off checks are sensible.


More information about the Gnupg-devel mailing list