GnuPG _is_ setuid
Posted Mar 11, 2007 17:51 UTC (Sun) by ekj
In reply to: GnuPG _is_ setuid
Parent article: GnuPG signed message spoofing vulnerability
True. But the very same users (be they people or mail-programs) that want to verify the integrity of a message using a public key frequently also wants to sign a message using a secret key.
True, true, one *could* do the former with a C-library, and the latter by piping to a setuid-executable, but most developers would probably consider the two funcitons related and prefer they both be accesses by the same mechanism.
to post comments)