On Tue Aug 13, 2002 at 01:35:33PM +0200, Andreas Simon wrote: > I just installed gnupg-1.0.7-2mdk. The postinstall script created > and populated /root/.gnupg with the following permissions: > > # ll > [root@obsidian .gnupg]# ll > total 12 > -rw-r--r-- 1 root root 0 Aug 13 13:26 options > -rw-r--r-- 1 root root 3215 Aug 13 13:26 pubring.gpg > -rw-r--r-- 1 root root 2233 Aug 13 13:26 pubring.gpg~ > -rw------- 1 root root 0 Aug 13 13:26 secring.gpg > -rw-r--r-- 1 root root 40 Aug 13 13:26 trustdb.gpg > [root@obisdian .gnupg]# ll -d /root/.gnupg > drwxr-xr-x 2 root root 200 Aug 13 13:26 /root/.gnupg/ > > According the gpg these permissions are unsafe: > > [root@obsidian .gnupg]# gpg > gpg: Warning: unsafe permissions on file "/root/.gnupg/options" > gpg: Warning: unsafe permissions on file "/root/.gnupg/pubring.gpg" > gpg: Go ahead and type your message ... > > Maybe there should be something like a 'chmod -R 600 /root/.gnupg' > in the postinstall script.
Actually, only the directory needs to be 0600 (this is how gpg creates the directory by default). The files inside don't matter, when you add a new key, the pubring.gpg file will again become 0644 because of the umask. I'm fixing this right now. -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import" {GnuPG: 1024D/FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
msg70343/pgp00000.pgp
Description: PGP signature