More format string fixes for 1.2.3

Werner Koch wk at gnupg.org
Wed Dec 17 12:39:34 CET 2003


On Wed, 17 Dec 2003 11:04:50 +0100, Bernd Eckenfels said:

> I hate to repeat Theo, he claimed something like "there are no uncritical
> code sections, or uncritical security fixes". You never know how users are
> calling gpg from which context, and it may allow privilege escalation. Sorry

I did not say that this does not need fixing and I actually did it
already.  However, there is no way to exploit it.  GnuPG may only run
under suid root before reading the option file or accessing any file.
There are even some checks to make sure that privileges have been
dropped.

  Werner

-- 
Werner Koch                                      <wk at gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org
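
The pattern the message above refers to, dropping set-uid privileges before any file is touched and then checking that the drop took effect, as an added example in C. It is not GnuPG's code and not part of the original post; the function name `drop_privileges` is hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop set-uid/set-gid privileges and verify the drop.
 * Returns 0 on success, -1 if the process may still hold elevated rights.
 * (Hypothetical helper written for this example.) */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: after the uid is dropped we may lack the right to change gid. */
    if (egid != rgid && setgid(rgid) != 0)
        return -1;
    if (euid != ruid && setuid(ruid) != 0)
        return -1;

    /* Check 1: the effective ids now equal the real ids. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* Check 2: the old ids must not be restorable. If the saved id survived
     * the drop, these calls succeed and we fail closed. Skipped when nothing
     * was elevated or when the real user is root anyway. */
    if (ruid != 0 && euid != ruid && setuid(euid) == 0)
        return -1;
    if (ruid != 0 && egid != rgid && setgid(egid) == 0)
        return -1;

    return 0;
}

int main(void)
{
    /* Run this before reading option files or parsing any user input. */
    if (drop_privileges() != 0) {
        fputs("privileges not dropped, refusing to continue\n", stderr);
        return 2;
    }
    printf("running as uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```
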
