[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fix needed for communication with gpg-agent

From: David Kastrup
Subject: Re: Fix needed for communication with gpg-agent
Date: Sun, 25 Feb 2007 21:22:37 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.94 (gnu/linux)

Andreas Schwab <address@hidden> writes:

> Chong Yidong <address@hidden> writes:
>> This is arguably a security hole because it makes it too easy for
>> root to find people's passwords (granted, root can easily steal
>> passwords anyway, but it arguably shouldn't be *this* easy.)
> If you are root you can read every process's memory, no matter where
> it is stored.

The danger is not as much root on an active system.  The danger is
that the passwords will be stored on disk where they will stay
semi-permanently, even if the disk gets sold, imaged, or stolen.

David Kastrup, Kriemhildstr. 15, 44793 Bochum

reply via email to

[Prev in Thread] Current Thread [Next in Thread]