Re: Mutt & tmp files
-----BEGIN PGP SIGNED MESSAGE-----
On Friday 16 November 2001 11:21, Oyvind A. Holm wrote:
> On 2001-11-15 19:11 Florian Bantner wrote:
> Another thing is... You're a bit concerned that root can read your
> mail. A good advice is to never - NEVER place your private (secret) key
> on another machine you don't have physical access to or a machine which
> is owned by others. Public keys only. Store it on a floppy if you have
> to decrypt messages. Make sure the gpg executable is setuid root to
> prevent swapping anbd insecure memory, and make sure there is no daemon
> gathering keystrokes.
Good practices but there's only so much you can do. How do you ensure that
the pgp executable hasn't been modified to store a copy of your key after it
reads it from the floppy? How do you ensure that the kernel hasn't been
modified to gather keystrokes? We're talking about trying to protect
yourself from legitimate root on a system where you're merely a user.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBO/hayTA1uBpee9v5AQFlTQMAqxVts+1zGWsv2xX6AtKti/gn7GTK2YJX
u/GkfZZSu783nkJ6aoDy5Fc0ppO5t5bnsm2SJ3vzca4bLFLhR72rRTFs6doylnNd
r+O8+UREJAkHUCNNQfemOudZHPRpcJ4z
=Ktbf
-----END PGP SIGNATURE-----
Reply to: