[debian-knoppix] Security Problem with saveconfig
Hello list,
I think there is a security problem with saveconfig.
The problem is that it saves (if requested) everything
under /home/knoppix.
But if I want to use gpg with KNOPPIX, the .gnupg
directory (in which key files reside) is also saved in
plain format which is a security risk according to
www.gnupg.org
The usual way for saving these files should be
[ -z "$GNUPGHOME" ] && GNUPGHOME="$HOME/.gnupg/"
[ -d $GNUPGHOME ] && ( tar c $GNUPGHOME | /
gpg -o gnupg.conf -c 2>/dev/null )
which saves the key files with symmetric encryption.
It asks for a password.
IGNORE variable in saveconfig must include ".gnupg"
directory, and a ( echo "$HOME/gnupg.conf >> $TMP )
should exist somewhere after encryption.
I tried to embed this into saveconfig but I could not
succeed. gpg -c asks for a password input, but how
could it be done? [X]Dialog has an inputbox option but
I could not use it for now.
Also the booting process needs related work to do but
I do know nothing about it.
Ahmet...
__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
_______________________________________________
debian-knoppix mailing list
debian-knoppix@linuxtag.org
http://mailman.linuxtag.org/mailman/listinfo/debian-knoppix
Reply to: