GnuPG 1.1.90 released

David Shaw dshaw at
Wed Jul 3 20:30:02 CEST 2002

On Wed, Jul 03, 2002 at 05:57:58PM +0100, Ian Jackson wrote:
> There is NEGLIGIBLE additional exposure if malicious code runs in the
> same address space, compared to having it running as a subprocess as
> the same user.  The *only* difference is that the malicious code
> might, if gnupg was set-id, have to wait for the user to invoke gnupg
> a second time.

It sounds like we pretty much agree here except on this point. :)

As I see it, it is significantly easier to write a cipher extension
module (which gets directly handed the unencrypted data on a silver
platter) to compromise that data than it is for a separate process to
be written to do the same thing.

I agree with you completely that both are *possible*, but I think the
bar for an attacker is lower in a cipher extension.

In any event, GnuPG warns before loading a cipher extension unless
it's owned by root or the current user.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list