Storing keys under a different user...

Peter Valdemar Mørch swp5jhu02 at sneakemail.com
Thu Feb 12 08:41:45 CET 2004


Thomas Sjögren thomas-at-northernsecurity.net |Lists| wrote:

> On Wed, Feb 11, 2004 at 04:30:22PM -0500, Nicholas Paul Johnson wrote:
> 
>>>Then, when user nick wants to do any gnupg operation, he would
>>>setuid(f(uid(nick))), read the key, restore user id, and proceed.
> 
> 
> If I haven't misunderstood your idea the attacker will then
> have access to the keys, which means this setup doesn't really
> change anything from the present setup (unless you got world
> rw-rights on your home and .gnupg folders).

I don't think I understand your objection: Only the specially 
privileged chmod +s /usr/bin/gpg (or whatever) would be able to access 
nick's keys. None of the standard cat, copy, scp etc. would be able to 
access them. Things *have* changed.

On a similar point: W/Should the user nick then be able to execute:
gpg --edit
gpg [-a] --export
or especially:
gpg [-a] --export-secret-keys
?

I guess these should now request the password, or the whole exercise is 
meaningless. Are there other similar operations that should change to 
require a password?

And editing the ~nick_key/.gnupg/gpg.conf should still be possible 
(only) for nick, right? Some way to do that also needs to be present.

Peter

-- 
Peter Valdemar Mørch
http://www.morch.com
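
The "setuid, read the key, restore user id" sequence discussed in this message, sketched in C as an added example; it is not code from the thread or from GnuPG. It assumes the binary is installed setuid to a dedicated key-owner account, and the names keyuid_init, read_key_file and selftest are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective uid at startup. In a setuid binary this is the key-owner
   account (assumed here to be a dedicated user, as in the thread). */
static uid_t key_uid;

/* Call first in main(): remember the key-owner uid, then run as the
   invoking user. The saved set-user-ID keeps the switch back possible. */
int keyuid_init(void)
{
    key_uid = geteuid();
    return seteuid(getuid());
}

/* Read up to len bytes of a key file, holding the key-owner uid only
   for the open(). Returns the byte count, or -1 on error. */
ssize_t read_key_file(const char *path, void *buf, size_t len)
{
    if (seteuid(key_uid) != 0)
        return -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (seteuid(getuid()) != 0)   /* could not drop back: stop here */
        _exit(1);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, len);
    close(fd);
    return n;
}

/* Constructed self-check: write a sample "key" to a temp file and read
   it back through read_key_file(). Returns 0 on success. */
int selftest(void)
{
    char path[] = "/tmp/keydemoXXXXXX", buf[32] = {0};
    int fd = mkstemp(path);
    if (fd < 0 || keyuid_init() != 0 || write(fd, "constructed-key", 15) != 15)
        return -1;
    close(fd);
    ssize_t n = read_key_file(path, buf, sizeof buf - 1);
    unlink(path);
    return (n == 15 && strcmp(buf, "constructed-key") == 0) ? 0 : -1;
}

int main(void) { return selftest() == 0 ? 0 : 1; }
```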