A FAQ question
Adrian 'Dagurashibanipal' von Bidder
Sat Aug 31 11:20:03 2002
On Wed, 2002-08-28 at 21:51, David Scribner wrote:
> should you desire to not setuid root on the gpg binary, you can
Hmmm. If you're going to be newbie-friendly in the FAQ, can (and should)
there be a very short remark about why somebody would desire gpg not to
be suid root? I remember that, being new to unix, it was quite a while
before I really knew what the consequences of something being 'suid
Something like 'You should be aware that by setting something suid root,
you're giving that program permission to do everything.'
Don't know if this would just cause even more confusion, though.
Amish: I guess you are new enough that you would profit by such a
description. The following is, however, too long for an entry in the gpg
FAQ (I guess. David, feel free to do anything you like with this text if
you feel otherwise).
By setting the 'suid' bit on a program, it is executed not with the
permission of the user executing it, but with the permissions of the
user owning it (ls -l <programname> shows the owner), usually root.
This means that this program can, in theory, do everything it wants, to
any files (those of other users, too) on the system. This has in the
past repeatedly caused problems, when a 'suid root' program had a bug so
that a user could cause it to do undesired things (overwrite or read
files the user shouldn't be able to, normally).
In gpg, the potential for such bugs is extremely small: gpg does start
with root permissions, but after allocating this secure memory, it drops
the root privilege and continues running just as a 'normal' program
secure email with gpg http://fortytwo.ch/gpg
NOTICE: keyserver.kjsl.com is known to carry a valid copy of my key
Signature policy: http://fortytwo.ch/gpg/policy/email.20020822