On Mon, 28 Oct 2019, Werner Koch wrote:
On Fri, 25 Oct 2019 12:23, Jay Sulzberger said:
Is the following correct:
When I use gpg to just encrypt or decrypt a file already on my
computer/OS's file system, then gpg does not open any formal
channels of communication going outside my
On Fri, 25 Oct 2019 12:23, Jay Sulzberger said:
> Is the following correct:
>
> When I use gpg to just encrypt or decrypt a file already on my
> computer/OS's file system, then gpg does not open any formal
> channels of communication going outside my computer/OS.
No. By default gpg may go
On Thu, 24 Oct 2019, Patrick Brunschwig wrote:
Bjarni Runar Einarsson wrote on 23.10.2019 21:35:
[...]
Each active TCP/IP connection has an open file descriptor. So, if
Enigmail's gpg launcher hasn't taken care to close unneeded file
descriptors after fork() and before exec()
[...]
Should
On 24/10/2019 08:21, Patrick Brunschwig wrote:
> Your guess is perfectly right, that's exactly what happens. Enigmail
> uses a standard library provided by Mozilla for add-ons to execute
> processes. Earlier versions of the library did close all file
> descriptors correctly. But the library is
Bjarni Runar Einarsson wrote on 23.10.2019 21:35:
[...]
>>> Each active TCP/IP connection has an open file descriptor. So, if
>>> Enigmail's gpg launcher hasn't taken care to close unneeded file
>>> descriptors after fork() and before exec()
> [...]
>> Should the `Enigmail's gpg launcher` take
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello!
Mikhail Morfikov wrote:
> Let's assume you are right, and it's because of the way the
> linux works.
>
> When I clear the conntrack table, the following messages appear
[...]
> So it's an ACK packet (possibly one per already opened
>
Let's assume you are right, and it's because of the way the linux works.
When I clear the conntrack table, the following messages appear in the FW log
(I don't block the gpg packets for now, just log and accept them in its rule):
Oct 23 17:59:14 morfikownia kernel: * gpg * IN= OUT=bond0 \
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Mikhail,
What follows is an educated guess, but only a guess...
Mikhail Morfikov via Gnupg-users wrote:
> gpg wants to connect to the network, but it looks like it wants
> also TCP/993 (IMAPS). This happens when I use Thunderbird as a
> mail
I'm filtering OUTPUT traffic on my Debian via
nftables+cgroups(net_cls)+cgrulesengd, and all apps, which want to connect to
the network, I have to assign some cgroups class and add a rule in the FW.
The gpg binary wants TCP/443 to speak with keyservers (optionally TCP/80).
I thought that's all