Message is in the attachment, sorry for this.
--- Begin Message ---
- To: Klaus Knopper <email@example.com>
- Subject: Re: [debian-knoppix] Security Problem with saveconfig
- From: Ahmet Mehmet <firstname.lastname@example.org>
- Date: Fri, 16 Aug 2002 03:08:54 -0700 (PDT)
- In-reply-to: <20020816053736.GK12279@linuxtag.org>Hello again, > On Thu, Aug 15, 2002 at 04:39:02PM -0700, Ahmet > Mehmet wrote: > > Hello list, > > I think there is a security problem with > saveconfig. > > The problem is that it saves (if requested) > everything > > under /home/knoppix. > > No, it doesn't. It saves $HOME/Desktop and the > .-config files, if > requested. Yes you are right, it does not saves everything under /home/knoppix but it saves .gnupg directory, I tried. So the problem continues. > > The usual way for saving these files should be > > > > [ -z "$GNUPGHOME" ] && GNUPGHOME="$HOME/.gnupg/" > > [ -d $GNUPGHOME ] && ( tar c $GNUPGHOME | / > > gpg -o gnupg.conf -c 2>/dev/null ) > > > > which saves the key files with symmetric > encryption. > > It asks for a password. > > > > IGNORE variable in saveconfig must include > ".gnupg" > > directory, and a ( echo "$HOME/gnupg.conf >> $TMP > ) > > should exist somewhere after encryption. > > What if somebody WANTS to save his/her gnupg key on > floppy disk? I could not understand. What I try to propose just does this! It first ignores the .gnupg directory, then it encrypts the keys with gpg itself and last of all by ( echo "$HOME/gnupg.conf >> $TMP ). Isn't it? __________________________________________________ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com
--- End Message ---