On Mon, Oct 24, 2005 at 11:53:52AM -0400, David Shaw wrote:
> I think it's possible to invest a lot of effort into the whole secure
> memory question. It's a real issue, to be sure, but how relevant is
> it to most people? For example, it's possible for an attacker with
> root access to sniff out a passphrase from swap... but really, if an
> attacker had root access, the game was already lost.

I believe this is very much not the case with regard to one's personal security and encrypted files. My understanding is that even if the attacker has the user's private key, it is next to useless unless they also have the passphrase. Brute force passphrase attacks are exceedingly difficult to effect, making them prohibitive for most, if not all attackers.

If the solution I proposed is considered acceptable, then it would seem to involve very little effort indeed, and provides a significant enhancement to security. Mutt can still install without the SUID bit set by default, but should be very clear in the manual in big bold letters (figuratively, if not literally) about the implications of both installing SUID and not installing SUID. I'd say that would warrant mention in both README and in INSTALL as well... In fact, even if the maintainers decide to do nothing else, I think the risks should be documented in the manual and in README.

If I have some free time this week, and Tamo doesn't beat me to it, I may hack this up. I'd need to investigate the "right" way to do this, so I'll probably want to take a look at the code in gpg first...

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers.