Re: gpg: "Warning: using shared memory" - SUID?
On Thu, Nov 30, 2000 at 10:09:26PM -0500, Chris Gray wrote:
> >>>>> "kmself" == kmself <firstname.lastname@example.org> writes:
> >> You're probably right about this (IANA security expert), but
> >> these should only be readable by root. Also, if you have a
> >> malicious root, your private key isn't going to be all that
> >> safe anyway.
> kmself> Well, on disk, your private key is secured by your
> kmself> passphrase (right?).
> I just did a 'less' on my secring.gpg, so... (remember the thread on
> the difficulty of password protecting a directory recently)
> I don't think that the private key is encrypted in any way. The fact
> that it has mode 0600 is seen as security enough.
The mode is NOT seen as security enough. The private key is encrypted using
a symmetrical cipher whose key is derived from a hash of the
passphrase. (the exact cipher and hash can be specified in an S2K block in
the secret keyring) In other words, if you selected a very good passphrase
(this is a BIG if for most people) if is just as well encrypted as any gpg
encrypted message message. The reason people must not be allowed to read it
is that it gives attackers a single key to discover that can then be used
to recover ALL of the (symmetrical) keys used to encrypt messages with that
key, (and because most people choose poor passwords discovering that one
key would not be hard for most people's keyrings. I am not sure what doing
'less' on the keyring is supposed to indicate?
> Finally, writing a program to read /proc/kcore to try to find secret
> keys sounds ridiculously hard to me. Maybe if you trojaned gpg it
> would work, but even then you could just have gpg send you the secret
> key so there's no point.
Writing a program to extract this information from /proc/kcore presents
little difficulty (in fact I am sure these programs already exist),
especially if you have symbol tables for the kernel and the gpg binary
being run. This is why if you can't trust root everything else is
useless. A bigger challenge would be extracting the information from a swap
partition (a swap partition can be accessed by simply stealing the actual
hard drive and placing it in your own computer.) Stealing the actual hard
drive will also give you access to all files on the drive regardless of
permissions, which is (one reason) why the file is encrypted and does not
simply rely on permissions for protection.
Harry Henry Gebel, ICQ# 76308382
West Dover Hundred, Delaware