Agent socket security
Nicholas Cole
nicholas.cole at gmail.com
Sun May 11 11:01:15 CEST 2014
Dear list,
This is a question that comes out of my own ignorance, but what stops one
user on a system maliciously connecting to another user's gpg-agent, and is
this mechanism secure on all platforms?
After all, isn't gpg-agent listening on a socket for commands? Presumably
it is hard to authenticate whether the source of those commands is
legitimate.
Is this the mechanism being relied on?
http://unix.stackexchange.com/questions/83032/which-systems-do-not-honor-socket-read-write-permissions
I presume listening on a network socket would simply be impossible to trust
(without some separate username/password).
I'm sure I must be missing something, so forgive the naive question!
N
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140511/fda28f5d/attachment.html>
More information about the Gnupg-devel
mailing list