Confirmation for cached passphrases useful?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Oct 12 04:44:41 CEST 2010
On 10/11/2010 10:20 PM, Robert J. Hansen wrote:
> On 10/11/2010 9:25 PM, Hauke Laging wrote:
>> I just had the idea that it might be a good countermeasure against
>> malicious software not to use a cached passphrase without any user
>> interaction (and thus without user notice).
>
> The most obvious way I see to circumvent this involves throwing a
> trampoline on the UI library and bypassing this code entirely. It's a
> two-hour hack, assuming you already have root access to the system.
If you already have root access on the system, then yes -- all bets are
off. But that's the case anyway when the malicious attacker has root
access.
> It
> might make users *feel* more secure, but it doesn't actually help
> overall system security -- IMO, at least. YMMV.
It would help against the situation where the malicious client does
*not* have superuser access and cannot directly override the prompting
mechanism through other mechanisms.
Many standard X11 desktops today don't have such protections in place
(e.g. one process can send a simulated mouseclick to another process
pretty easily) but that doesn't mean no one is running with a
well-isolated gpg-agent.
--dkg