Storing keys under a different user...

Thomas Sjögren thomas at northernsecurity.net
Wed Feb 11 23:27:43 CET 2004


On Wed, Feb 11, 2004 at 04:30:22PM -0500, Nicholas Paul Johnson wrote:
> Then, when user nick wants to do any gnupg operation, he would
> setuid(f(uid(nick))), read the key, restore user id, and proceed.

How will the user be authenticated in this setup?
Let's say the user Alice hasn't really grasped the concept of passwords
(she uses a weak one or writes it down and hides the note under her
keyboard or whatever) and an attacker is able to log in as Alice. If I
haven't misunderstood your idea the attacker will then have access to
the keys, which means this setup doesn't really change anything from the
present setup (unless you got world rw-rights on your home and .gnupg
folders).

> This way, the key is secure, because no trojan running as a user would be
> able to read the key, unless it somehow had (A) compromised root, which is
> a problem in itself, or (B) successfully logged in as nick_key, which is
> (theoretically) not going to happen either.

If one is to write a trojan to steal keys, I don't think the first
priority is to steal the actual keys but to insert a keylogger and thus
steal the password, which is basically the only thing that protects your
keys if you've gotten into this situation.

/Thomas
- -- 
== thomas at northernsecurity.net | thomas at se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C



More information about the Gnupg-users mailing list