signing --load extensions ?
Brian Warner
warner at lothar.com
Wed Sep 23 01:50:03 CEST 1998
wk at isil.d.shuttle.de (Werner Koch) writes:
> Walter Koch <w.koch at phinware.de> writes:
>
> > does it make sense to sign the loadable extension code?
> >
> > Otherwise it would be easy to put an trojan extension named e.g.
> > "tiger" instead of the true one into the extension "path"?
>
> No. You would also have to sign /lib/libc*, the gnupg executables
> and of course the kernel (and the Xserver and ....).
>
> To avoid trojan horses, the program should be installed with owner root
> and the sysadmin should install tripwire to detect changed code.
>
> Werner
Plus, there isn't an extension "path".. there's only the one hardcoded
directory, or you can use --load-extension with an explicit filename. So it
would be very hard to accidentally use an untrusted extension.
-Brian
More information about the Gnupg-devel
mailing list