gpg > addphoto

Peter Lebbing peter at digitalbrains.com
Tue Jan 8 14:32:21 CET 2019


Hello Stefan,

On 08/01/2019 14:21, Stefan Claas wrote:
> I must admit I don't understand the DoS aspect in this regard

I hadn't looked closely, but since this is MAX_..._LENGTH in
parse-packet.c, I assumed this is a cutoff while parsing packets. So if
GnuPG encounters a packet that declares it is more than 16 MiB in size,
instead of trying to gobble up and interpret and output all this data,
which could lead to DoS (memory exhaustion, disk space exhaustion, long
running time), GnuPG will just error out. So if GnuPG is ever fed
crafted data that tries to DoS GnuPG, it will simply refuse to process
it.

So I assumed this didn't have anything to do with restricting what you
can do with your own GnuPG, but what others can do to your GnuPG.

Suppose --edit-key restricted you in some way. This is free software.
You just remove the restriction and recompile. Just like some people
enjoy making insanely large RSA keys with GnuPG: they just remove the
limit and recompile. So restricting --edit-key does not protect you from
bad actors.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
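
The parse-time cutoff described in the message above, as an added example that is not part of the original post and is not GnuPG's code: it decodes a new-format OpenPGP packet header (RFC 4880, section 4.2.2) and rejects an over-limit declared length before any body data is read. The names EXAMPLE_MAX_BODY_LEN, hdr_status and check_header are hypothetical, the 16 MiB figure is the one from the message, and the sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cap name; 16 MiB is the figure mentioned in the message. */
#define EXAMPLE_MAX_BODY_LEN (16u * 1024u * 1024u)

enum hdr_status { HDR_OK = 0, HDR_TRUNCATED = -1, HDR_UNSUPPORTED = -2, HDR_TOO_LARGE = -3 };

/* Decode a new-format packet header and apply the cap to the *declared*
 * body length, so nothing is allocated or read for an oversized packet. */
enum hdr_status check_header(const uint8_t *buf, size_t n, int *tag, uint32_t *len)
{
    if (n < 2) return HDR_TRUNCATED;
    if ((buf[0] & 0xC0) != 0xC0) return HDR_UNSUPPORTED;  /* old format: not handled here */
    *tag = buf[0] & 0x3F;
    uint8_t o1 = buf[1];
    if (o1 < 192) {                                       /* one-octet length */
        *len = o1;
    } else if (o1 < 224) {                                /* two-octet length */
        if (n < 3) return HDR_TRUNCATED;
        *len = ((uint32_t)(o1 - 192) << 8) + buf[2] + 192;
    } else if (o1 == 255) {                               /* five-octet length */
        if (n < 6) return HDR_TRUNCATED;
        *len = ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16)
             | ((uint32_t)buf[4] << 8) | buf[5];
    } else {
        return HDR_UNSUPPORTED;                           /* partial body lengths: out of scope */
    }
    return *len > EXAMPLE_MAX_BODY_LEN ? HDR_TOO_LARGE : HDR_OK;
}

int main(void)
{
    /* Constructed headers; tag 17 (user attribute) is used only for illustration. */
    const uint8_t small_hdr[] = { 0xD1, 0xFF, 0x00, 0x00, 0x20, 0x00 };  /* declares 8 KiB  */
    const uint8_t huge_hdr[]  = { 0xD1, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF };  /* declares ~2 GiB */
    int tag = 0;
    uint32_t len = 0;
    printf("small: status %d\n", check_header(small_hdr, sizeof small_hdr, &tag, &len));
    printf("huge:  status %d\n", check_header(huge_hdr, sizeof huge_hdr, &tag, &len));
    return 0;
}
```

The oversized header is refused after six bytes of input, whatever amount of data follows it.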
