gpg in CGI script
Stefan Suurmeijer
stefan@symbolica.nl
Wed, 5 Jul 2000 22:42:30 +0200 (CEST)
On Wed, 5 Jul 2000, L. Sassaman wrote:
> On Wed, 5 Jul 2000, Stefan Suurmeijer wrote:
>
> > Hmm, SUID root (chmod +s) can be dangerous as recent exploits have
> > shown. Adding no-secmem-warning to your .gnupg/options file is a valid
> > alternative for getting rid of the secure memory message.
>
> Do you own a car? What would you do if a mechanic told you "Hey, you have
> this "brake pad" warning light on your dash. You want I should remove the
> light for you?"

Wow, if you only explained that to me earlier, would have saved me a lot
of traffic tickets ;-). And yes, it would help me get rid of that annoying
light.

> Sheesh. no-secmem-warning exists for cases when you simply can't make gpg
> suid. But in those cases it shouldn't be treated as secure.

Personally, I'd rather drive without brakes in my own backyard (and
unfortunately I do know some of my servers better than my backyard) than
having the brakes fixed at the expense of the door locks. Not much use in
having excellent brakes if your car is stolen.

Anyway, advising people to use secure memory by using suid is great, but
make sure you warn them that for some kernel versions they might be
opening themselves up to other risks. There are people out there that
don't know that.

Stefan