[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg: "Warning: using shared memory" - SUID?

>>>>> "kmself" == kmself  <kmself@ix.netcom.com> writes:

    >>  You're probably right about this (IANA security expert), but
    >> these should only be readable by root.  Also, if you have a
    >> malicious root, your private key isn't going to be all that
    >> safe anyway.

    kmself> Well, on disk, your private key is secured by your
    kmself> passphrase (right?).  

I just did a 'less' on my secring.gpg, so...  (remember the thread on
the difficulty of password protecting a directory recently) 

I don't think that the private key is encrypted in any way.  The fact
that it has mode 0600 is seen as security enough.

Finally, writing a program to read /proc/kcore to try to find secret
keys sounds ridiculously hard to me.  Maybe if you trojaned gpg it
would work, but even then you could just have gpg send you the secret
key so there's no point.

    kmself> Yes, ultimately, you do have to trust your system.



Every child in America MUST get one of these things for Christmas or
Chanukah or Kwanzaa or Atheist Children Get Presents Day.
	-- Dave Barry

Reply to: