On 10/11/2010 10:20 PM, Robert J. Hansen wrote:
> On 10/11/2010 9:25 PM, Hauke Laging wrote:
>> I just had the idea that it might be a good countermeasure against
>> malicious software not to use a cached passphrase without any user
>> interaction (and thus without user notice).
>
> The most obvious way I see to circumvent this involves throwing a
> trampoline on the UI library and bypassing this code entirely. It's a
> two-hour hack, assuming you already have root access to the system.

If you already have root access on the system, then yes -- all bets are off. But that's the case anyway when the malicious attacker has root access.

> It
> might make users *feel* more secure, but it doesn't actually help
> overall system security -- IMO, at least. YMMV.

It would help against the situation where the malicious client does *not* have superuser access and cannot directly override the prompting mechanism through other mechanisms. Many standard X11 desktops today don't have such protections in place (e.g. one process can send a simulated mouseclick to another process pretty easily) but that doesn't mean no one is running with a well-isolated gpg-agent.

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users