[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[debian-knoppix] Security Problem with saveconfig

Hello list,
I think there is a security problem with saveconfig.
The problem is that it saves (if requested) everything
under /home/knoppix. 
But if I want to use gpg with KNOPPIX, the .gnupg
directory (in which key files reside) is also saved in
plain format which is a security risk according to

The usual way for saving these files should be

[ -z "$GNUPGHOME" ] && GNUPGHOME="$HOME/.gnupg/"
[ -d $GNUPGHOME ] && ( tar c $GNUPGHOME | /
gpg -o gnupg.conf -c 2>/dev/null ) 

which saves the key files with symmetric encryption.
It asks for a password.

IGNORE variable in saveconfig must include ".gnupg"
directory, and a ( echo "$HOME/gnupg.conf >> $TMP )
should exist somewhere after encryption.

I tried to embed this into saveconfig but I could not
succeed. gpg -c asks for a password input, but how
could it be done? [X]Dialog has an inputbox option but
I could not use it for now.

Also the booting process needs related work to do but
I do know nothing about it.


Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
debian-knoppix mailing list

Reply to: