Storing keys under a different user...
Peter Valdemar Mørch
swp5jhu02 at sneakemail.com
Thu Feb 12 08:41:45 CET 2004
Thomas Sjögren thomas-at-northernsecurity.net |Lists| wrote:
> On Wed, Feb 11, 2004 at 04:30:22PM -0500, Nicholas Paul Johnson wrote:
>
>>>Then, when user nick wants to do any gnupg operation, he would
>>>setuid(f(uid(nick))), read the key, restore user id, and proceed.
>
>
> If I haven't misunderstood your idea the attacker will then
> have access to the keys, which means this
> setup doesn't really change anything from the
> present setup (unless you got world rw-rights on your home and .gnupg
> folders).
I don't think I understand your objection: Only the specially
privileged chmod +s /usr/bin/gpg (or whatever) would be able to access
nick's keys. None of the standard cat, copy, scp etc. would be able to
access them. Things *have* changed.
On a similar point: W/Should the user nick then be able to execute:
gpg --edit
gpg [-a] --export
or especially:
gpg [-a] --export-secret-keys
?
I guess these should now request the password, or the whole exercise is
meaningless. Are there other similar operations that should change to
require a password?
And editing the ~nick_key/.gnupg/gpg.conf should still be possible
(only) for nick, right? Some way to do that also needs to be present.
Peter
--
Peter Valdemar Mørch
http://www.morch.com