On Wed, 13 Oct 2010 17:51, d...@fifthhorseman.net said:
If I run the agent locally, and forward access to it to a constrained
account, then the constrained account (which is talking to the agent)
*does not* have the ability to simulate such X11 events.
You mean to a different X server? For
On Friday, 15 October 2010 12:28:33, Werner Koch wrote:
If there is malicious code running on your machine with access to
resources under your control, I can only say: game over. No external
button will help you here.
That's why we try to restrict the access of malicious code, isn't it?
On Thu, 14 Oct 2010 20:03, sascha-ml-reply-to-201...@silbe.org said:
One instance where the proposed mechanism (in conjunction with the new
version of gpg-agent that will handle the secret keys itself) would be
Just for the record: This is no new mechanism of the agent. It is in
use for
On Fri, 15 Oct 2010 12:55, mailinglis...@hauke-laging.de said:
Following your pessimistic attitude there would hardly be any reason not to
work as root.
Nope. Not working under root is important to keep the system stable and
provide access restrictions to the non-malicious users.
OTOH, it
On 10/15/2010 9:23 AM, Werner Koch wrote:
Nevertheless, the confirmation prompt for a cached passphrase is not
entirely unfounded
I've really been biting my tongue on this thread because it seemed like
the right people were saying the right things already, but you're making
me nervous now
On 10/15/10 1:31 PM, Doug Barton wrote:
The other problem with the confirmation proposal is that ... the
intersection between plausible attack vectors and vulnerabilities
that [this proposal] would actually fix seems [very] small.
I seem to recall saying something similar to this a few days
On 10/15/10 2:49 PM, Jameson Rollins wrote:
Without use confirmation in the agent, a malicious program running under
your account could access your secret key without you knowing it.
This can still happen with a confirmation prompt. Confirmation cannot
protect against malware running under
Ok, then this protects against malicious programs that are not
intercepting the dialog box.
Which means that six months after this feature gets implemented, the malware
authors will write exploits that intercept the dialog box.
Arms races are inevitable, but stupid arms races should be
On 10/15/10 5:04 PM, Jameson Rollins wrote:
Don't let the perfect be the enemy of the good.
But is it good? To me this feature seems like security theater. It
makes you feel all warm and fuzzy and lets you sleep at night, but
doesn't provide any real protection.
Is it good to have users
On Fri, 15 Oct 2010 18:23:04 -0400, Robert J. Hansen r...@sixdemonbag.org
wrote:
I'm not. This idea isn't good.
Do you use ssh-agent? Do you think their implementation of the same
thing is not good? If so, have you complained to them about it, or
asked why they implemented it?
jamie.
On Saturday, 16 October 2010 00:23:04, Robert J. Hansen wrote:
Ok, then this protects against malicious programs that are not
intercepting the dialog box.
Which means that six months after this feature gets implemented, the
malware authors will write exploits that intercept the dialog box.
Do you use ssh-agent? Do you think their implementation of the same
thing is not good? If so, have you complained to them about it, or
asked why they implemented it?
This seems to be an argument from implication of hypocrisy: as if, were I a
user of ssh-agent, my opinion regarding gpg-agent
This implies the strange claim that it will forever be possible to do that.
It does not. It states that at present the OS infrastructure we have makes
implementing this a losing proposition.
As soon as the OS infrastructure changes enough to make this a winner, then we
should revisit this
On Sat, 16 Oct 2010 01:05:11 +0200, Hauke Laging
mailinglis...@hauke-laging.de wrote:
I just don't like the idea that access to the agent is not noticed by
design.
I strongly agree with this point. Let's think about it another way:
what if the user is themselves doing something that is
On Fri, 15 Oct 2010 19:12:21 -0400, Robert J. Hansen r...@sixdemonbag.org
wrote:
Do you use ssh-agent? Do you think their implementation of the same
thing is not good? If so, have you complained to them about it, or
asked why they implemented it?
This seems to be an argument from
I strongly agree with this point. Let's think about it another way:
what if the user is themselves doing something that is unintentionally
accessing the key?
Then that's the user's own problem. They're the one who decided to enable
passphrase caching and to set a large timeout window. They
On 15/10/10 9:11 AM, MFPA wrote:
On 14-10-2010 16:58, Remco Rijnders wrote: ...
I guess it would just have been nice if there was an email address you can
send a sign up message to, confirm your email address, and be part of the
group, similar to how mailing lists like this one work,