
GnuPG _is_ setuid

Posted Mar 16, 2007 12:28 UTC (Fri) by robbe (subscriber, #16131)
In reply to: GnuPG _is_ setuid by evgeny
Parent article: GnuPG signed message spoofing vulnerability

If you use your private key on a remote host (virtual or not) there are
more practical attack vectors. But best practice is to have the private
key only on a device in front of you -- in this case leakage to swap is a
concern. But suid-to-root is a stupid hack, better solutions are:
(a) allow mlock() for non-root users (I had a trivial kernel patch for
this ten years ago)
(b) no swap
(c) encrypted swap (what I use today)

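Option (a) from the comment above, as an added C example that is not from the comment or from GnuPG: it pins a key buffer in RAM with mlock() as an ordinary user instead of relying on setuid root. It assumes a Linux system whose kernel lets unprivileged processes lock memory up to RLIMIT_MEMLOCK; the names secret_alloc, secret_free and secure_wipe are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* for MAP_ANONYMOUS */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical names for this example; not a GnuPG API. */
enum lock_result { LOCKED = 0, LIMIT_TOO_LOW = 1, LOCK_FAILED = 2, ALLOC_FAILED = 3 };

/* Zero memory through a volatile pointer so the stores are not optimised away. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Map len bytes (rounded up to whole pages) and try to lock them without
 * privileges. Only when LOCKED is returned is the buffer kept out of swap. */
enum lock_result secret_alloc(size_t len, void **out, size_t *mapped) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    struct rlimit rl;
    *mapped = (len + page - 1) / page * page;
    *out = mmap(NULL, *mapped, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (*out == MAP_FAILED) { *out = NULL; return ALLOC_FAILED; }
    /* Report a too-small limit explicitly so the caller can refuse to load
     * the key or fall back to encrypted swap, rather than continue silently. */
    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0 &&
        rl.rlim_cur != RLIM_INFINITY && rl.rlim_cur < *mapped)
        return LIMIT_TOO_LOW;
    return mlock(*out, *mapped) == 0 ? LOCKED : LOCK_FAILED;
}

/* Wipe before releasing; munmap() also drops the lock on the pages. */
void secret_free(void *p, size_t mapped) {
    if (!p) return;
    secure_wipe(p, mapped);
    munmap(p, mapped);
}

int main(void) {
    static const char demo[] = "constructed-demo-secret"; /* constructed sample */
    void *buf; size_t mapped;
    enum lock_result r = secret_alloc(sizeof demo, &buf, &mapped);
    printf("lock result: %d (0 = pinned in RAM)\n", r);
    if (buf) { memcpy(buf, demo, sizeof demo); secret_free(buf, mapped); }
    return r == LOCKED ? 0 : 1;
}
```

A result other than 0 means the buffer can still reach swap, which is the case options (b) and (c) address.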
