
Re: Mutt & tmp files




On Friday 16 November 2001 11:21, Oyvind A. Holm wrote:
> On 2001-11-15 19:11 Florian Bantner wrote:
> Another thing is... You're a bit concerned that root can read your
> mail. A good advice is to never - NEVER place your private (secret) key
> on another machine you don't have physical access to or a machine which
> is owned by others. Public keys only. Store it on a floppy if you have
> to decrypt messages. Make sure the gpg executable is setuid root to
> prevent swapping and insecure memory, and make sure there is no daemon
> gathering keystrokes.

Good practices but there's only so much you can do.  How do you ensure that 
the pgp executable hasn't been modified to store a copy of your key after it 
reads it from the floppy?  How do you ensure that the kernel hasn't been 
modified to gather keystrokes?  We're talking about trying to protect 
yourself from legitimate root on a system where you're merely a user.


