A FAQ question

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Sat Aug 31 11:20:03 2002



On Wed, 2002-08-28 at 21:51, David Scribner wrote:

> should you desire to not setuid root on the gpg binary, you can

Hmmm. If you're going to be newbie-friendly in the FAQ, can (and should)
there be a very short remark about why somebody would desire gpg not to
be suid root? I remember that, being new to unix, it was quite a while
before I really knew what the consequences of something being 'suid
root' are.

Something like 'You should be aware that by setting something suid root,
you're giving that program permission to do everything.'

Don't know if this would just cause even more confusion, though.

Amish: I guess you are new enough that you would profit by such a
description. The following is, however, too long for an entry in the gpg
FAQ (I guess. David, feel free to do anything you like with this text if
you feel otherwise).

By setting the 'suid' bit on a program, it is executed not with the
permission of the user executing it, but with the permissions of the
user owning it (ls -l <programname> shows the owner), usually root.

This means that this program can, in theory, do everything it wants, to
any files (those of other users, too) on the system. This has in the
past repeatedly caused problems, when a 'suid root' program had a bug so
that a user could cause it to do undesired things (overwrite or read
files the user shouldn't be able to, normally).

In gpg, the potential for such bugs is extremely small: gpg does start
with root permissions, but after allocating its secure memory, it drops
the root privilege and continues running just as a 'normal' program
would.

cheers
-- vbi

-- 
secure email with gpg                        http://fortytwo.ch/gpg

NOTICE: keyserver.kjsl.com is known to carry a valid copy of my key
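The pattern described above (start with root's effective uid, lock the
memory that will hold secrets, then give root back before doing anything
else) is easy to get wrong, so here is a minimal worked example. This is
added illustration, not code from GnuPG or from the author of the mail;
the function names secmem_alloc, secmem_free, drop_privileges and
can_regain_root are made up for it. It assumes a Linux/POSIX system; when
run as a normal user it simply confirms that the ids already match, when
installed suid root it drops the privilege and then proves it cannot get
it back.

```c
/* Added example: secure memory plus privilege drop, the way a suid-root
 * program should do it. Hypothetical helper names; not GnuPG's code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Allocate len bytes and try to lock them so they are never paged to
 * swap. mlock() may need root (old kernels) or be limited by
 * RLIMIT_MEMLOCK, so failure is reported in *locked rather than fatal,
 * which is the "warning: using insecure memory" situation. */
void *secmem_alloc(size_t len, int *locked)
{
    void *p = malloc(len);
    if (p == NULL)
        return NULL;
    memset(p, 0, len);
    *locked = (mlock(p, len) == 0);
    if (!*locked)
        fprintf(stderr, "warning: mlock failed (%s), using insecure memory\n",
                strerror(errno));
    return p;
}

/* Wipe before freeing; the volatile pointer keeps the compiler from
 * optimising the clearing away as a dead store. */
void secmem_free(void *p, size_t len, int locked)
{
    volatile unsigned char *v = p;
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
    if (locked)
        munlock(p, len);
    free(p);
}

/* Drop to the real (invoking) user. For a privileged process setuid()
 * sets real, effective and saved uid, so root cannot be regained later.
 * Returns 0 on success, -1 on failure; the caller must treat failure as
 * fatal and must not continue with root's rights. */
int drop_privileges(void)
{
    uid_t real = getuid();
    if (setuid(real) != 0)
        return -1;
    /* Verify the drop instead of trusting the return value alone. */
    if (geteuid() != real || getuid() != real)
        return -1;
    return 0;
}

/* Returns 1 if the process can still become root (setuid(0) succeeds),
 * 0 otherwise. For a correctly dropped suid program this must be 0. */
int can_regain_root(void)
{
    return setuid(0) == 0;
}

int main(void)
{
    int locked = 0;
    void *key = secmem_alloc(4096, &locked);
    if (key == NULL)
        return 1;
    printf("secure memory %s, euid before drop: %u\n",
           locked ? "locked" : "NOT locked", (unsigned)geteuid());
    if (drop_privileges() != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to run\n");
        secmem_free(key, 4096, locked);
        return 1;
    }
    printf("euid after drop: %u, can regain root: %d\n",
           (unsigned)geteuid(), can_regain_root());
    secmem_free(key, 4096, locked);
    return 0;
}
```

Note the order: locking happens first because that is the only thing the
root privilege was needed for; everything after drop_privileges() runs
with the user's own rights, which is why a later bug in the program can
no longer "do everything". On Linux, setresuid() makes the three-id drop
explicit, but plain setuid() is the portable spelling and behaves the
same for a privileged process.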
