Agent socket security
nicholas.cole at gmail.com
Sun May 11 11:01:15 CEST 2014
This is a question that comes out of my own ignorance, but what stops one
user on a system maliciously connecting to another user's gpg-agent, and is
this mechanism secure on all platforms?
After all, isn't gpg-agent listening on a socket for commands? Presumably
it is hard to authenticate whether the source of those commands is
Is this the mechanism being relied on?
I presume listening on a network socket would simply be impossible to trust
(without some separate username/password).
I'm sure I must be missing something, so forgive the naive question!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-devel