dirmngr: restricting access to socket, why? Debian Default

Bernhard Reiter bernhard at intevation.de
Fri Jan 7 16:15:32 CET 2011


Am Freitag, 7. Januar 2011 15:19:10 schrieb Peter Eisentraut:
> On fre, 2011-01-07 at 13:02 +0100, Bernhard Reiter wrote:
> > the current revisions of dirmngr in Debian restricts access to the
> > system service to users in gid "dirmngr" (e.g. 1.0.3-1 or 1.1.0-0kk1
> > [1]).
> >
> > Is there a reason to do so?
>
> This was done according to the advice from the upstream authors.  I'd be
> glad to review it if updated advice were issued. ;-)

Yes, this is why I've asked Werner, because I do not understand
the reason behind doing it the way it is done. One possible reason could be to 
protect the service from being "attacked" from inside of the system, but in 
this case all regular users would need to be put into the dirmngr group.
If there is a way to do so in Debian, this would also be a workable solution.

However desktop users will not understand and usually not discover that they 
have to do something to access the system dirmngr. ;)

Bernhard

-- 
Managing Director - Owner: www.intevation.net       (Free Software Company)
Deputy Coordinator Germany: fsfe.org. Board member: www.kolabsys.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110107/4b449691/attachment.pgp>


More information about the Gnupg-devel mailing list