A FAQ question

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Sat Aug 31 11:20:03 2002


On Wed, 2002-08-28 at 21:51, David Scribner wrote:

> should you desire to not setuid root on the gpg binary, you can

Hmmm. If you're going to be newbie-friendly in the FAQ, can (and should)
there be a very short remark about why somebody would desire gpg not to
be suid root? I remember that, being new to unix, it was quite a while
before I really knew what the consequences of something being 'suid
root' are.

Something like 'You should be aware that by setting something suid root,
you're giving that program permission to do everything.'

Don't know if this would just cause even more confusion, though.

Amish: I guess you are new enough that you would profit by such a
description. The following is, however, too long for an entry in the gpg
FAQ (I guess. David, feel free to do anything you like with this text if
you feel otherwise).

By setting the 'suid' bit on a program, it is executed not with the
permission of the user executing it, but with the permissions of the
user owning it (ls -l <programname> shows the owner), usually root.

This means that this program can, in theory, do everything it wants, to
any files (those of other users, too) on the system. This has in the
past repeatedly caused problems, when a 'suid root' program had a bug so
that a user could cause it to do undesired things (overwrite or read
files the user shouldn't be able to, normally).

In gpg, the potential for such bugs is extremely small: gpg does start
with root permissions, but after allocating its secure memory, it drops
the root privilege and continues running just as a 'normal' program.

-- vbi

secure email with gpg                        http://fortytwo.ch/gpg

NOTICE: keyserver.kjsl.com is known to carry a valid copy of my key

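The setuid-root pattern the message describes, as an added example in C (this is illustration code, not gpg's own source): a binary whose file owner is root runs with root as its effective uid, uses that privilege to lock its "secure memory" with mlock(2) so key material is never swapped to disk, then drops back to the invoking user's real uid and checks that root cannot be regained. The struct and function names, the 4096-byte buffer and the check against a nonexistent path are constructed for this example; the code assumes a Linux/glibc or other POSIX system. Run as an ordinary user without the setuid bit, it reports that there was no privilege to drop and, depending on RLIMIT_MEMLOCK, may fall back to unlocked ("insecure") memory, exactly the situation gpg warns about.

```c
/* Added example, not gpg's code: lock secure memory while root, then drop root. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

struct secmem {
    void  *base;
    size_t len;
    int    locked;   /* 1 if mlock() succeeded, 0 if we fell back to insecure memory */
};

/* Allocate page-aligned memory and try to lock it so it is never swapped to
 * disk. Locking is what historically needed root: an unprivileged process is
 * bound by RLIMIT_MEMLOCK and may be refused. Failure to lock is recorded,
 * not fatal; gpg behaves the same way and warns that it is using insecure
 * memory. Returns 0 on success, -1 if the allocation itself failed. */
int secmem_alloc(struct secmem *sm, size_t len) {
    long page = sysconf(_SC_PAGESIZE);
    void *p = NULL;
    if (page <= 0 || len == 0) return -1;
    if (posix_memalign(&p, (size_t)page, len) != 0) return -1;
    memset(p, 0, len);
    sm->base = p;
    sm->len = len;
    sm->locked = (mlock(p, len) == 0);
    return 0;
}

/* Wipe and release: secrets must not survive in freed memory. The volatile
 * loop keeps the compiler from optimising the wipe away as a dead store. */
void secmem_free(struct secmem *sm) {
    if (!sm->base) return;
    volatile unsigned char *v = (volatile unsigned char *)sm->base;
    for (size_t i = 0; i < sm->len; i++) v[i] = 0;
    if (sm->locked) munlock(sm->base, sm->len);
    free(sm->base);
    sm->base = NULL;
    sm->locked = 0;
}

/* Give up the privilege a setuid binary started with. Returns 0 when the
 * process now runs purely as the real (invoking) user and cannot get the
 * privileged uid back, -1 otherwise. Order matters: setgid() must run while
 * still root, since an unprivileged process may not change its gid freely. */
int drop_privileges(void) {
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid();

    if (euid == ruid) return 0;   /* not setuid (or root ran it): nothing to drop */

    if (setgid(rgid) != 0) return -1;
    /* For a root caller setuid() replaces real, effective AND saved uid, which
     * is what makes the drop permanent. For a non-root setuid binary it only
     * changes the effective uid, and the check below will catch that. */
    if (setuid(ruid) != 0) return -1;

    /* Verify: if the saved uid were still privileged, this would succeed. */
    if (setuid(euid) == 0) return -1;
    if (getuid() != ruid || geteuid() != ruid) return -1;
    return 0;
}

/* 1 if path carries the set-user-ID bit (the 's' shown by ls -l),
 * 0 if not, -1 if the file cannot be stat'ed. */
int has_setuid_bit(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (st.st_mode & S_ISUID) ? 1 : 0;
}

int main(int argc, char **argv) {
    const char *self = argc > 0 ? argv[0] : "";
    printf("setuid bit on %s: %d\n", self, has_setuid_bit(self));
    printf("real uid %u, effective uid %u\n", (unsigned)getuid(), (unsigned)geteuid());

    struct secmem sm = {0};
    if (secmem_alloc(&sm, 4096) != 0) return 1;
    printf("secure memory: %s\n", sm.locked ? "locked" : "NOT locked (insecure memory)");

    /* Drop root only after the lock is held; mlock'ed pages stay locked
     * across the uid change. */
    if (drop_privileges() != 0) {
        fprintf(stderr, "failed to drop privileges, refusing to continue\n");
        return 1;
    }
    printf("now running as uid %u\n", (unsigned)geteuid());
    /* a real program would copy key material into sm.base here */
    secmem_free(&sm);
    return 0;
}
```

The one check a practitioner should not skip is the "try to get it back" step in drop_privileges(): a setuid() call that merely changed the effective uid while leaving the saved uid privileged would look like a successful drop until a later bug re-elevates.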