Questions about GPGME / GnuPG library

José C. García Sogo jose at jaimedelamo.eu.org
Wed Dec 6 00:28:01 CET 2000


On Tue, Dec 05, 2000 at 05:19:36PM -0600, Taral wrote:
> On Wed, 6 Dec 2000, José C. García Sogo wrote:
> 
> > If this is going to be a FAQ I would like you to explain which are
> > this security problems quite well, because (believe me) I don't
> > understand them. I don't know how a wrapper over gnupg (retrieving
> > data passed through a tty!) is more secure than using the gnupg
> > library. And also I cannot understand how a CORBA interface will be
> > more secure, neither RPC calls.
> 
> What if your program is not sufficiently secure, and ends up running
> arbitrary code due to an exploit? Private key data could _easily_ be
> exposed.

  Ok, that is my program's problem. But what if what I write in my tty is being copied to an archive by my system administrator? He won't have to do anything with the private key data, as he already has the clear text.

> Not to mention that GPG is often run setuid-root. Most programs
> should not be run setuid-root. If GPG were a library, your program (which
> may or may not be safe) would also have to be setuid-root to take
> advantage of secure memory.

 You are right on this, but I still think this is being very paranoid about one thing, when there are a lot of other problems that neither GnuPG nor Seahorse can solve.
