Confirmation for cached passphrases useful?

Werner Koch wk at
Fri Oct 15 18:23:02 CEST 2010

On Fri, 15 Oct 2010 12:55, mailinglisten at said:

> Following your pessimistic attitude there would hardly be any reason not to 
> work as root.

Nope.  Not working under root is important to keep the system stable and
provide access restrictions to the non-malicious users.

OTOH, it is hard enough to close all remotely exploitable bugs.  Given
the constant proliferation of local privilege escalation bugs, it seems
to me not possible for the majority of systems to keep them *all*
closed.  Look only on how many admins are proud of their system's
uptimes and check for example the list of severe Linux bugs.

If you want to protect your keys, use a smartcard or a second box acting
similar to a smartcard.

Nevertheless, the confirmation prompt for a cached passphrase is not
entirely unfounded given that we have quite some feature in gpg-agent
which are more questionable (e.g. the whole passphrase quality checking



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list