Agent socket security

Nicholas Cole nicholas.cole at gmail.com
Sun May 11 11:01:15 CEST 2014


Dear list,

This is a question that comes out of my own ignorance, but what stops one
user on a system maliciously connecting to another user's gpg-agent, and is
this mechanism secure on all platforms?

After all, isn't gpg-agent listening on a socket for commands? Presumably
it is hard to authenticate whether the source of those commands is
legitimate.

Is this the mechanism being relied on?

http://unix.stackexchange.com/questions/83032/which-systems-do-not-honor-socket-read-write-permissions

I presume listening on a network socket would simply be impossible to trust
(without some separate username/password).

I'm sure I must be missing something, so forgive the naive question!

N
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140511/fda28f5d/attachment.html>


More information about the Gnupg-devel mailing list