Either you plan much farther ahead than the common cybercrook or we are talking about targeted attacks instead of the much common "spam" attacks. (That said, GnuPG is *supposed* to stand up against targeted attacks.)
Correct, I'm talking about targeted attacks. Random drive-bys are not of much personal or professional concern. This is of course my risk model, and I don't expect it to be relevant to anyone else. :)
The catch is that the "juicy" stuff is typically *in* the user's account on a single-user box... and therefore accessible without elevation if Mallory is hitting the client.
If it's a single-user box, sure. Of course, many single-user boxes make privilege escalation ridiculously easy, so why not? (Everyone who has put NOPASSWD: ALL into their sudoers file, please raise your hands...)
Why risk the exposure (and correction) of a privilege escalation exploit when everything Mallory wants is right there without it?
Because even on single-user boxes, persistence and cleaning up one's tracks is much easier done with escalation than without. If persistence and concealment is part of the attack profile, you need escalation.
In my model, Mallory's ideal goal is make off with your data and/or private keys and/or an unauthorized signature without leaving a trace aside from possible intentional tampering.
Then Mallory needs escalation. If you're going to do things like look through the system logs and scrub them appropriately, you need to escalate.
This is why I believe a competent Mallory always escalates. It's simply not possible to do a thorough cleanup job without escalation.
In that environment, a smartcard is not sufficient; you need an isolated box.
Frankly, I think you need a lot more than a smartcard, too, starting with a radical rethink of "why am I hosting such valuable files on a machine connected to the internet?" :)
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-devel
