Confirmation for cached passphrases useful?
Hauke Laging
mailinglisten at hauke-laging.de
Tue Oct 12 11:10:31 CEST 2010
On Tuesday, 12 October 2010 06:34:48, Robert J. Hansen wrote:
> If my attack gives me unprivileged access I'm going to escalate it to root.
"going to", yes.
> This is straight out of the malware
> playbook, and malware authors have a great many ways to achieve it.
I think that it is not useful to equalize unprivileged and root access. This
seems to me a bit ignorant of people trying to get their systems secure. :-)
> Heck, this doesn't even defend against an *unprivileged* attack. Give
> me unprivileged access to your user account and I'll edit your .profile to
> put a .malware/ subdirectory on your PATH and drop my trojaned GnuPG in
> there.
There are ways to prevent this. E.g. I protect important and hardly ever
changed files like ~/.gnupg/options with root privilege (chattr immutable on
ext3). My most threatened processes (browser, IM) are covered by AppArmor
profiles which heavily restrict access to $HOME but not to /tmp. These cannot
access the secret keys, of course. But due to the new design of GnuPG 2.1 this
may change.
> This seems like a niche solution to a problem which, as of right now,
> is nonexistent.
As Daniel already pointed out: Few people do but there are possibilities to
harden your system. It would seem strange if of all things a security software
put a limit to such efforts. Thus gpg should offer improvements even if these
do not make much sense ALONE (which should be mentioned in the documentation).
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
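
Added example, not part of the original message: a POSIX shell check for the PATH-shadowing scenario discussed in this thread. It reports whether the directory that supplies `gpg`, or any directory searched before it, is writable by the current account. The function name `audit_path_for` is an assumption of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of GnuPG or of the thread).
# audit_path_for CMD [PATH_STRING]
# Walks PATH_STRING (default: $PATH) in lookup order and prints:
#   RISK  for every user-writable directory searched before CMD is found,
#   RISK  or OK for the directory that actually supplies CMD.
# Returns 1 if anything was marked RISK, 0 otherwise.
audit_path_for() {
    cmd=$1
    search=${2:-$PATH}
    risky=0
    old_ifs=$IFS
    IFS=:
    set -f                              # no globbing while splitting PATH
    for dir in $search; do
        [ -n "$dir" ] || dir=.          # an empty entry means the current directory
        if [ -x "$dir/$cmd" ] && [ ! -d "$dir/$cmd" ]; then
            # This is the file the shell would run for CMD.
            if [ -w "$dir" ] || [ -w "$dir/$cmd" ]; then
                echo "RISK  $dir/$cmd resolves first and is user-writable"
                risky=1
            else
                echo "OK    $dir/$cmd resolves first"
            fi
            break
        fi
        # CMD is not here yet, but a writable directory this early in the
        # search order lets the account shadow CMD by dropping a file in it.
        if [ -d "$dir" ] && [ -w "$dir" ]; then
            echo "RISK  $dir is user-writable and searched before $cmd"
            risky=1
        fi
    done
    set +f
    IFS=$old_ifs
    return $risky
}

# Stand-alone use: audit the current PATH for gpg (or the name given as $1).
audit_path_for "${1:-gpg}" || echo "review the PATH entries marked RISK"
```

Run as root, every directory tests as writable, so the check is meaningful only when run as the unprivileged account whose PATH is being audited.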