[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-knoppix] Security Problem with saveconfig

On Thu, Aug 15, 2002 at 04:39:02PM -0700, Ahmet Mehmet wrote:
> Hello list,
> I think there is a security problem with saveconfig.
> The problem is that it saves (if requested) everything
> under /home/knoppix. 

No, it doesn't. It saves $HOME/Desktop and the .-config files, if

> But if I want to use gpg with KNOPPIX, the .gnupg
> directory (in which key files reside) is also saved in
> plain format which is a security risk according to
> www.gnupg.org

Yes, you should not save your private keys on a public accessible

> The usual way for saving these files should be
> [ -z "$GNUPGHOME" ] && GNUPGHOME="$HOME/.gnupg/"
> [ -d $GNUPGHOME ] && ( tar c $GNUPGHOME | /
> gpg -o gnupg.conf -c 2>/dev/null ) 
> which saves the key files with symmetric encryption.
> It asks for a password.
> IGNORE variable in saveconfig must include ".gnupg"
> directory, and a ( echo "$HOME/gnupg.conf >> $TMP )
> should exist somewhere after encryption.

What if somebody WANTS to save his/her gnupg key on floppy disk?

> I tried to embed this into saveconfig but I could not
> succeed. gpg -c asks for a password input, but how
> could it be done? [X]Dialog has an inputbox option but
> I could not use it for now.

You may have to use expect.

debian-knoppix mailing list

Reply to: