[pkg-gnupg-maint] Bug#794667: gnupg-agent: facilitate running gpg-agent as a separate user account
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Aug 5 14:24:48 UTC 2015
Package: gnupg-agent
Version: 2.1.6-1
Severity: wishlist

gpg-agent doesn't defend against another process by the same user
inspecting its memory or doing other nasty things to the process.
While I'm encouraging upstream to add what protections are possible
[0], it would also be useful to have some tooling around creating a
secondary user account to run the agent in a designated,
non-privileged manner.

This might be a distro-specific project, since account creation,
removal, etc. are normally not handled by gpg itself, but by the
distro.

Perhaps we can use this bug to brainstorm such an approach for
gpg-agent at least.

--dkg

[0] https://bugs.gnupg.org/gnupg/issue1211

-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gnupg-agent depends on:
ii libassuan0 2.2.1-1
ii libc6 2.19-19
ii libgcrypt20 1.6.3-2
ii libgpg-error0 1.19-2
ii libnpth0 1.2-1
ii libreadline6 6.3-8+b3
ii pinentry-curses [pinentry] 0.9.5-2
ii pinentry-gnome3 [pinentry] 0.9.5-2
ii pinentry-gtk2 [pinentry] 0.9.5-2
ii pinentry-qt4 [pinentry] 0.9.5-2
ii pinentry-tty [pinentry] 0.9.5-2
Versions of packages gnupg-agent recommends:
ii gnupg 1.4.19-3
ii gnupg2 2.1.6-1
ii gpgsm 2.1.6-1
gnupg-agent suggests no packages.
-- debconf-show failed