Re: [Tails-dev] AppArmor profiles in Debian

このメッセージを削除

このメッセージに返信
著者: Robert Ransom
日付:  
To: The Tails public development discussion list
CC: apparmor, Kees Cook, debian-derivatives
題目: Re: [Tails-dev] AppArmor profiles in Debian
On 2012-02-15, intrigeri <intrigeri@???> wrote:

>>>  2. some software that is particularly important in the context of
>>>     Tails [0]: I'm mainly thinking of Tor, but GnuPG and icedove also
>>>     come to mind.

>
>> What did you have in mind for GPG? Protecting it from itself is a bit
>> tricky. :)
>
> I don't intend to protect GnuPG from itself.
> By design, GnuPG handles much untrusted data.
> I would like to protect the rest of the system from GnuPG.
> Does it make sense, or did I miss something obvious?
> (I'm pretty new in this landscape, so it would not surprise me if I had.)


During normal operation, GnuPG is intended to read the user's secret
keyring and open and use network connections. In some cases, GPG is
intended to do both in the same execution (e.g. decrypting a
public-key-encrypted message, then verifying a signature containing a
keyserver URL).

The consequences of GPG being compromised are so severe that I don't
see a benefit in trying to protect the surrounding system from a
compromised GPG process.


Robert Ransom