On Fri, Sep 10, 1999 at 02:29:38PM -0400, Pete Toscano wrote:
> set the SUID bit on the gpg binary. the problem is -- so the gpg docs
> go -- that, unless the program is being run as root, it could be swapped
> out of memory and then, anyone who can read the swap device might be
> able to get your password. now, if you have permissions on your swap
> device set so that only root can read/write it (0600), there shouldn't
> be any problems, but not everyone has it set this way, so i guess werner
> is trying to be extra-special safe.
0600 won't cut it. If your passphrase has ever been in swapspace, it might
stay there for months on end, allowing anyone with root access in that
period to retrieve your passphrase.
A couple of months is a _very_ long time, security-wise.
Greetz, Peter
--
| 'He broke my heart, | Peter van Dijk |
I broke his neck' | [EMAIL PROTECTED] |
nognikz - As the sun | Hardbeat@ircnet - #cistron/#linux.nl |
http://www.nognikz.mdk.nu/ | Hardbeat@undernet - #groningen/#kinkfm/#vdh |
