Confirmation for cached passphrases useful?

Hauke Laging mailinglisten at
Tue Oct 12 11:10:31 CEST 2010

Am Dienstag 12 Oktober 2010 06:34:48 schrieb Robert J. Hansen:

> If my attack gives me unprivileged access I'm going to escalate it to root.

"going to", yes.

> This is straight out of the malware
> playbook, and malware authors have a great many ways to achieve it.

I think that it is not useful to equalize unpriviledged and root access. This 
seems to me a bit ignorant of people trying to get their systems secure. :-)

> Heck, this doesn't even defend against an *unprivileged* attack.  Give
> me unprivileged access to your user account I'll edit your .profile to
> put a .malware/ subdirectory on your PATH and drop my trojaned GnuPG in
> there.

There are ways to prevent this. E.g. I protect important and hardly ever 
changed files like ~/.gnupg/options with root priviledge (chattr immutable on 
ext3). My most threatened processes (browser, IM) are covered by AppArmor 
profiles which hevily restrict access to $HOME but not to /tmp. These cannot 
access the secret keys, of course. But due to the new design of GnuPG 2.1 this 
may change.

> This seems like an niche solution to a problem which, as of right now,
> is nonexistent.

As Daniel already pointed out: Few people do but there are possibilities to 
harden your system. It would seem strange if of all things a security software 
put a limit to such efforts. Thus gpg should offer improvements even if these 
do not make much sense ALONE (which should be mentioned in the documentation).

PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20101012/e6f0162f/attachment.pgp>

More information about the Gnupg-users mailing list