On Wed 2015-02-11 17:31:42 -0500, Xavier Maillard wrote: > Daniel Kahn Gillmor <d...@fifthhorseman.net> writes: > >> The fact that you're using a FAT volume is the root cause here; FAT >> filesystems do not have ownership or permissions, so when a modern OS >> mounts them, it has to fake permissions for these files. > > Thank you for this precision. Are you aware of some "portable" and > well supported by the 3-major OSes filesystem type ?
FAT, alas, is the portable filesystem that you're looking for. UDF, mentioned elsewhere in this thread, is a read-only filesystem, and i think it doesn't have ownership or permissions either. I see two approaches: a) figure out how to get each operating system to mount the volume with tighter permissions b) convince gpg that looser permissions on fat32 filesystems are acceptable I think (b) is the wrong way to go -- gpg is pointing out, rightly, that your sensitive data is exposed. So that leaves (a), which probably needs to be fixed anyway. Your operating system is exposing sensitive data from your USB stick (which is supposed to be only yours, since you plugged it in while you were in control of the machine) to any other user account on the computer. Reporting this bug to your OS vendor would be a good thing, because it would help other users of the same OS. --dkg _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users