Confirmation for cached passphrases useful?
wk at gnupg.org
Fri Oct 15 12:28:33 CEST 2010
On Wed, 13 Oct 2010 17:51, dkg at fifthhorseman.net said:
> If I run the agent locally, and forward access to it to a constrained
> account, then the constrained account (which is talking to the agent)
> *does not* have the ability to simulate such X11 events.
You mean to a different X server? For example from a nested one to the
main X server? Then why do you want to have this yes/no prompt? The
other X server has no access to the pinentry.
I doubt that it is possible to have a restricted account running on the
same X server.
> requires, say, an ACPI event, or a special keypress (not an X11 event)
> from a designated hardware button. In that case, malicious code with
> access to the X11 session could detect that a prompt had been made, and
If there is malicious code running on your machine with access to
resources under your control, I can only say: game over. No external
button will help you here.
Thoughts are free. Exceptions are regulated by a federal law.