On Thu, Feb 16, 2012 at 09:52:47PM +0000, Robert Ransom wrote:
> On 2012-02-15, intrigeri <intrigeri@???> wrote:
>
> >>> 2. some software that is particularly important in the context of
> >>> Tails [0]: I'm mainly thinking of Tor, but GnuPG and icedove also
> >>> come to mind.
> >
> >> What did you have in mind for GPG? Protecting it from itself is a bit
> >> tricky. :)
> >
> > I don't intend to protect GnuPG from itself.
> > By design, GnuPG handles much untrusted data.
> > I would like to protect the rest of the system from GnuPG.
> > Does it make sense, or did I miss something obvious?
> > (I'm pretty new in this landscape, so it would not surprise me if I had.)
>
> During normal operation, GnuPG is intended to read the user's secret
> keyring and open and use network connections. In some cases, GPG is
> intended to do both in the same execution (e.g. decrypting a
> public-key-encrypted message, then verifying a signature containing a
> keyserver URL).
>
> The consequences of GPG being compromised are so severe that I don't
> see a benefit in trying to protect the surrounding system from a
> compromised GPG process.

That's traditionally been my view as well -- GPG is usually considered the
high-value target itself. I'm not opposed to having a gpg profile; I just
hadn't considered one before. :P
-Kees
--
Kees Cook @debian.org