GnuPG 1.1.90 released

David Shaw dshaw at jabberwocky.com
Wed Jul 3 20:30:02 CEST 2002


On Wed, Jul 03, 2002 at 05:57:58PM +0100, Ian Jackson wrote:
> There is NEGLIGIBLE additional exposure if malicious code runs in the
> same address space, compared to having it running as a subprocess as
> the same user.  The *only* difference is that the malicious code
> might, if gnupg was set-id, have to wait for the user to invoke gnupg
> a second time.

It sounds like we pretty much agree here except on this point. :)

As I see it, it is significantly easier to write a cipher extension
module (which gets directly handed the unencrypted data on a silver
platter) to compromise that data than it is for a separate process to
be written to do the same thing.

I agree with you completely that both are *possible*, but I think the
bar for an attacker is lower in a cipher extension.

In any event, GnuPG warns before loading a cipher extension unless
it's owned by root or the current user.

David

-- 
   David Shaw  |  dshaw at jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
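
The ownership rule mentioned at the end of the message (warn unless the module is owned by root or the current user), as an added example that is not part of the original post and is not GnuPG source code. The names ext_policy and ext_check, the verdict constants and the extra group/world-writable test are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical verdicts for a plug-in loader. */
enum { EXT_ERROR = -1, EXT_WARN = 0, EXT_OK = 1 };

/* Policy on already-fetched metadata, so it can be tested without files. */
int ext_policy(uid_t owner, mode_t mode, uid_t current)
{
    if (!S_ISREG(mode))
        return EXT_WARN;            /* directories, devices, FIFOs */
    if (owner != 0 && owner != current)
        return EXT_WARN;            /* rule from the message: root or current user */
    if (mode & (S_IWGRP | S_IWOTH))
        return EXT_WARN;            /* assumption beyond the message: others can rewrite it */
    return EXT_OK;
}

/* stat() follows symlinks, so the verdict is about the file that would be loaded.
   The check and the later load are separate steps; a file in a directory that
   other users can write to may still be swapped between the two. */
int ext_check(const char *path, uid_t current)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return EXT_ERROR;
    return ext_policy(st.st_uid, st.st_mode, current);
}

int main(int argc, char **argv)
{
    /* Constructed default input; pass a module path as the first argument. */
    const char *path = argc > 1 ? argv[1] : "/bin/sh";
    int v = ext_check(path, getuid());

    if (v == EXT_ERROR) {
        perror(path);
        return 2;
    }
    if (v == EXT_WARN)
        fprintf(stderr, "WARNING: unsafe ownership or permissions on %s\n", path);
    else
        printf("%s: ok to load without a warning\n", path);
    return v == EXT_OK ? 0 : 1;
}
```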
