On 10/11/2010 10:20 PM, Robert J. Hansen wrote:
> On 10/11/2010 9:25 PM, Hauke Laging wrote:
>> I just had the idea that it might be a good countermeasure against 
>> malicious software not to use a cached passphrase without any user 
>> interaction (and thus without user notice).
> 
> The most obvious way I see to circumvent this involves throwing a
> trampoline on the UI library and bypassing this code entirely. It's a
> two-hour hack, assuming you already have root access to the system.

If you already have root access on the system, then yes -- all bets are
off. But that's the case anyway when the malicious attacker has root
access.

> It
> might make users *feel* more secure, but it doesn't actually help
> overall system security -- IMO, at least.  YMMV.

It would help against the situation where the malicious client does
*not* have superuser access and cannot directly override the prompting
mechanism through other mechanisms.

Many standard X11 desktops today don't have such protections in place
(e.g. one process can send a simulated mouseclick to another process
pretty easily) but that doesn't mean no one is running with a
well-isolated gpg-agent.

        --dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users