GnuPG _is_ setuid
Posted Mar 12, 2007 10:34 UTC (Mon) by ekj
In reply to: GnuPG _is_ setuid
Parent article: GnuPG signed message spoofing vulnerability
True. There are good arguments in favour of just dropping whatever trickery requires setuid at the moment, in which case a library is unproblematic. I'm just saying, aslong as you *DO* want memory-locking, you're going to need an external app for atleast those parts. And if so, that external app may aswell do verification too, not only signing.
to post comments)