More format string fixes for 1.2.3

Werner Koch wk at
Wed Dec 17 12:39:34 CET 2003

On Wed, 17 Dec 2003 11:04:50 +0100, Bernd Eckenfels said:

> I hate to repeat Theo, he claimed something like "there are no uncritical
> code sections, or uncritical security fixes". You never know how users are
> calling gpg from which context, and it may allow priveldge escalation. Sorry

I did not say that this does not need fixing and I actually did it
already.  However, there is no way to exploit it.  GnuPG may only run
under suid root before reading the option file or accessing any file.
There are even some checks to make sure that privilges have been


Werner Koch                                      <wk at>
The GnuPG Experts                      
Free Software Foundation Europe        

More information about the Gnupg-devel mailing list