[PATCH GnuPG] agent: Enable restricted, browser, and ssh socket by default.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Sep 20 21:54:45 CEST 2016


On Tue 2016-09-20 15:04:20 -0400, Werner Koch wrote:
> On Tue, 20 Sep 2016 03:22, dkg at fifthhorseman.net said:
>
>> offering the restricted socket in addition to the normal socket doesn't
>> seem to increase the attack surface.
>
> It does because its intended use is for remote boxes.

surely it's the forwarding of this socket to remote boxes that increases
the attack surface, and not creating it locally, though?

you asked:

> Who wants to use something restricted ;)

And i'd say "i do!"  I'd much rather have the overwhelming majority of
my local desktop session be restricted in what it can do to manipulate
my secret keys.

I'll be working at some point (and would love help on!) on a restricted
profile for the gpg-agent, to make it easier for people to completely
isolate their secret keys, e.g. behind a separate user account.  This
kind of restriction is a good practice and we should be encouraging it.

With this system integration work, i'll certainly dynamically configure
gpg-agent to make sure it's only exposing the "extra" socket.  I'd hope
that such a configuration would be considered a supported configuration.

   --dkg