GnuPG 1.1.90 released
David Shaw
dshaw at jabberwocky.com
Wed Jul 3 20:30:02 CEST 2002
On Wed, Jul 03, 2002 at 05:57:58PM +0100, Ian Jackson wrote:
> There is NEGLIBIBLE addition exposure if malicious code runs in the
> same address space, compared to having it running as a subprocess as
> the same user. The *only* difference is that the malicious code
> might, if gnupg was set-id, have to wait for the user to invoke gnupg
> a second time.
It sounds like we pretty much agree here except on this point. :)
As I see it, it is significantly easier to write a cipher extension
module (which gets directly handed the unencrypted data on a silver
platter) to compromise that data than it is for a separate process to
be written to do the same thing.
I agree with you completely that both are *possible*, but I think the
bar for an attacker is lower in a cipher extension.
In any event, GnuPG warns before loading a cipher extension unless
it's owned by root or the current user.
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
More information about the Gnupg-devel
mailing list