security issue with signing files
Johan Wevers
johanw@vulcan.xs4all.nl
Sun Nov 25 12:20:01 2001
Kent Tong wrote:
> Suppose a user is about to sign a file that he has just viewed, but
> someone else modifies the files over the network, then he will sign over
> the arbitrary contents written by anyone who has write access?
This problem always exists when your computer can be accessed by others.
> How to solve this problem?
Sign only files in non-shared locations.
> This is a common case when the superior is reviewing and signing
> a document (in a shared project folder) created by a subordinate.
A common case? Does this situation occur this often in practice?
Anyway, copy the file to a local directory, sign it, and then copy it
back.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
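
The copy, sign, copy-back procedure from the reply above, as an added shell example that is not part of the original message. The function name `sign_snapshot` and the `SIGNER` and `REVIEWER` variables are assumptions of this sketch; the final comparison against the shared original goes one step beyond the reply's advice, so a change made during review is noticed instead of silently overwritten.

```shell
#!/bin/sh
# Added example: review and sign a private snapshot of a file that lives in a
# shared folder, so the bytes signed are exactly the bytes reviewed.
# SIGNER and REVIEWER are hypothetical knobs of this sketch.
# SIGNER must write FILE.sig next to FILE (gpg --detach-sign does this).
SIGNER=${SIGNER:-gpg --detach-sign}
REVIEWER=${REVIEWER:-${PAGER:-cat}}

# Usage: sign_snapshot /shared/project/report.txt
# Returns 0 and publishes report.txt.sig beside the original when the shared
# file still matches what was reviewed; returns 2 when it changed meanwhile.
sign_snapshot() {
    src=$1
    work=$(mktemp -d) || return 1      # private directory, mode 0700
    local_copy=$work/$(basename "$src")

    # Step 1: take the snapshot into a location nobody else can write to.
    cp -- "$src" "$local_copy" || return 1
    chmod 600 "$local_copy"

    # Step 2: review the snapshot, never the shared original.
    $REVIEWER "$local_copy"

    # Step 3: sign the snapshot that was just reviewed.
    $SIGNER "$local_copy" || return 1

    # Step 4: copy back only if the shared original is still byte-identical.
    if ! cmp -s "$src" "$local_copy"; then
        echo "warning: $src changed during review; nothing published." >&2
        echo "reviewed copy and signature kept in $work" >&2
        return 2
    fi
    cp -- "$local_copy.sig" "$src.sig" || return 1
    rm -rf -- "$work"
    return 0
}
```

On return code 2 the signer decides whether to publish the reviewed snapshot from the kept directory or to review the changed file again.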