gpg im CGI Script

Stefan Suurmeijer
Wed, 5 Jul 2000 22:42:30 +0200 (CEST)

On Wed, 5 Jul 2000, L. Sassaman wrote:

> On Wed, 5 Jul 2000, Stefan Suurmeijer wrote:
> > Hmm, SUID root (chmod +s) can be dangerous as recent exploits have
> > shown. Adding no-secmem-warning to your .gnupg/options file is a valid
> > alternative for getting rid of the secure memory message.
> Do you own a car? What would you do if a mechanic told you "Hey, you have
> this "brake pad" warning light on your dash. You want I should remove the
> light for you?"
Wow, if you only explained that to me earlier, would have saved me a lot of traffic tickets ;-). And yes, it would help me get rid of that annoying light.
> Sheesh. no-secmem-warning exists for cases when you simply can't make gpg
> suid. But in those cases it shouldn't be treated as secure.
> >
Personally, I'd rather drive without brakes in my own backyard (and unfortunately I do know some of my servers better than my backyard) than having the brakes fixed at the expense of the door locks. Not much use in having excellent brakes if your car is stolen. Anyway, advising people to use secure memory by using suid is great, but make sure you warn them that for some kernel versions they might be opening themselves up to other risks. There are people out there that don't know that. Stefan