<<< Date Index >>>     <<< Thread Index >>>

Re: [PATCH] Remove absolute paths from gpg.rc



On Thu, Mar 15, 2007 at 05:15:26PM -0700, Brendan Cully wrote:

> On my OS X system, gpg lives in /sw/bin. Many others probably have it in
> /opt or /usr/local. I don't think /usr/bin is a particularly foolproof

Personally, I would still argue that /usr/bin is far and away the most
common. Most people are running with gnupg supplied by their distro, and
those update /usr/. People using OS X are in a definite minority; in
addition, if they're savvy enough to use fink/darwinports to get mutt, it's
kind of more or less automatic for them to be able to change an example
muttrc.

> setting, and I also don't think that any person interested in security
> should run with garbage in $PATH. I would also guess that it's just as

That's fine, and I would agree, but the person you're dealing with should be
assumed to be a normal user, not "any person interested in security".

> easy to modify a person's .muttrc as to put a trojan gpg somewhere in
> their PATH.

If you can modify someones personal files, the game's already over.

> I'd like to hear some more concrete examples of the dangers of looking
> up gpg in the path...

I have none. I remain completely unconvinced by the merits of removing the
absolute pathname. However, I'm not the one with commit access, you are. :-)
Your call.

-- 
Paul

Attachment: signature.asc
Description: Digital signature