New command line language parameter
Robert J. Hansen
rjh at sixdemonbag.org
Thu Feb 8 23:37:05 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
> The present Windows GnuPG 1.4.X installs assume people [run
> as Administrator].
The installer requires Administrator rights to install to the program
files directory, just like every other Win32 program that wants to
install there. Once installed, GnuPG does not require Administrator
rights to run.
> All they had to do was to copy and paste, AND THEN ALTER
> SOME VARIABLES.
This is unwise from a security perspective. Messing up a registry
file can have terrible consequences. If you're advocating that
people make edits to a registry file without understanding the
registry, what they're looking at, what they're changing, etcetera,
then disaster is waiting in the wings.
Regular users should not edit the Windows registry. Ever.
> There are several other things going along with this like the fact
> without using higher order registry editing tools (not regedit) you
> can't normally dive into anybody else's HKCU hive.
This is by design; it's an important security mechanism. Alice
shouldn't be allowed to inspect or modify Bob's registry entries.
Only the Administrator should have access to everyone's registry
Please consider the implications of advocating that people bypass a
security mechanism so they can install a piece of security software.
It doesn't make much sense.
> What is being provided in the GnuPG install is only suitable for
> idiots who run as an Administrator, all the time with only one
> account on the system and that one is an Administrator account...
Please do not insult regular users by calling them idiots.
The GnuPG installer is suitable for many kinds of Windows users.
Speaking for myself, I administer a small XP network with several
users, all of whom have GnuPG available to them. Their user accounts
don't have Administrator privileges. The installer worked just fine
> One of the things that has occurred to me is to ask the question
> "can I make GnuPG say a signed message is okay whether it is or
> not?" By that I mean, can I by changing just the message strings
> of GnuPG make all signed messages show up as okay?
Sure. But if you install it as Administrator, then you need
Administrator privileges to modify the file. If a malicious attacker
has Administrator access to your Windows box, then it's a game-over
condition anyway and there's nothing GnuPG can do to fix this.
> If you don't think that if GnuPG takes off like mad on Windows
According to the Enigmail folks, their number of Windows downloads
are routinely an order of magnitude larger than their number of UNIX
downloads. This strongly suggests more people run GnuPG on Windows
than run GnuPG on UNIX.
> That is probably more of a flame against Windows users who run their
> systems in a stupid manner than a slam against Microsoft, although
> Microsoft doesn't help very much.
Again, we don't need to insult either users or corporations as being
> If any of you have information of running GnuPG in a Windows
> environment with some other way of doing it other than as always
> one user with an Administrator account ship it to me.
Get the zip archive, uncompress it to some directory you own, add
that directory to your own personal PATH.
> On the other hand if you want to flame me and say I am stupid,
> or that I need lessons in writing, or that all I am doing is
> spamming like a University Computer Science Professor recently
> said I was doing (I believe he was the department chair),
I'm not a professor. I'm a pre-comps Ph.D. candidate in computer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
-----END PGP SIGNATURE-----
More information about the Gnupg-users