security issue with signing files

Johan Wevers
Sun Nov 25 12:20:01 2001

Kent Tong wrote:

> Suppose a user is about to sign a file that he has just viewed, but
> someone else modifies the files over the network, then he will sign over
> the arbitrary contents written by anyone who has write access?

This problem always exists when your computer can be accessed by others.

> How to solve this problem?

Sign only files in non-shared locations.

> This is a common case when the superior is reviewing and signing
> a document (in a shared project folder) created by a subordinate.

A common case? Does this situation occur this often in practice?

Anyway, copy the file to a local directory, sign it, and then copy it

ir. J.C.A. Wevers         //  Physics and science fiction site:   //
PGP/GPG public keys at
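
The copy-then-sign approach suggested in the reply above, as an added example that is not part of the original message: the file is snapshotted into a directory only the signer can access, then reviewed and signed there. Function names are hypothetical, and it assumes `TMPDIR` is on a local disk and that GnuPG and `sha256sum` are installed.

```shell
#!/bin/sh
# Added example (not from the original message): review and sign a private
# snapshot instead of the file in the shared folder. Function names are
# hypothetical; TMPDIR is assumed to be on a local, non-shared disk.

# Print the SHA-256 of a file.
digest() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Copy SHARED_FILE into a fresh mode-0700 directory and print the copy's path.
snapshot_for_signing() {
    src=$1
    dir=$(umask 077; mktemp -d "${TMPDIR:-/tmp}/sign.XXXXXX") || return 1
    name=$(basename -- "$src")
    (umask 077; cp -- "$src" "$dir/$name") || return 1
    printf '%s\n' "$dir/$name"
}

# Sign LOCAL_COPY only if it still hashes to the digest taken before review.
sign_snapshot() {
    if [ "$(digest "$1")" != "$2" ]; then
        echo "refusing to sign: content changed since review" >&2
        return 1
    fi
    gpg --armor --detach-sign --output "$1.asc" "$1"
}

main() {
    copy=$(snapshot_for_signing "$1") || return 1
    reviewed=$(digest "$copy")
    ${PAGER:-less} "$copy"       # read the snapshot, not the shared file
    sign_snapshot "$copy" "$reviewed" || return 1
    echo "signed copy: $copy"
    echo "signature:   $copy.asc"
    # Detection: report if the shared file no longer matches what was signed.
    if [ "$(digest "$1")" != "$reviewed" ]; then
        echo "warning: $1 differs from the signed snapshot" >&2
    fi
}

if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The detached signature covers the snapshot's bytes, so a later write to the shared file shows up as a failed verification of that file rather than as signed content.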