On 2002-11-27, Joey Hess <joeyh@debian.org> wrote: > That would still let root replace /usr/bin/gpg with such a program > though. So something like this is of some value, but only manages to > narrow the window that lets someone who has temporary access to, say, > a laptop with an agent running and a passphrase entered, to such a > laptop on which you have used sudo in the last 15 minutes. Correct me > if I'm wrong. I find it interesting that you point this out, because I was just wondering wether it would be possible to just open(2) the file /usr/bin/gpg and exec(2) this file via the file descriptor from this open(2) calland not the path name. Root, of course, could still replace the /usr/bin/gpg program and get away with it, but this seems to me to guarantee that the binary can not be stolen away under the unsuspecting user's noses. Have fun, -- Andreas Fuchs, <asf@acm.org>, asf@jabber.at, antifuchs Hail RMS! Hail Cthulhu! Hail Eris! All hail Discordia!
Attachment:
pgpvBkFaHRrlq.pgp
Description: PGP signature