On Wed, Jun 11, 2008 at 04:31:45PM -0400, michael graffam wrote:
> On Wed, Jun 11, 2008 at 3:56 PM, David Shaw <[EMAIL PROTECTED]> wrote:
>
> > If the attacker had access to your machine to implement the LD_PRELOAD
> > attack, there are literally dozens of ways they can similarly steal
> > whatever data they are trying to steal. Why do a very complex attack
> > involving replacing libraries when they could just replace the GPG
> > binary itself?
>
> Replacing the GPG bin requires root. An LD_PRELOAD'ed lib doesn't.
>
> > Or add a shell script named 'gpg' and put it in your
> > search path ahead of the real gpg?
>
> Again, root.
Nope. None of these is true. If an attacker has access to *your* account, he has perfectly good access to your shell startup files, and he is perfectly capable of changing your PATH to include a directory of his choosing where he may place any binaries he wants to - and your shell will happily execute them instead of the real system binaries. Or maybe you are in the habit of auditing your .*shrc and .*sh_profile files after each and every login? And then auditing the pager or editor that you audited them with? If so, my hat's off to you, Sir, but this is a level of paranoia that I'm not quite comfortable with :)

> > Or turn on typescript by default.
>
> Doesn't save GPG passphrases.

True.

> > Or load a kernel module that changes the meaning of system calls. Or
> > replace the rng with one that isn't random. Or, or, or.
>
> Root, root, root.

This, too, is true.

> Get it yet? LD_PRELOAD enables attacks against GPG w/o requiring full access
> to the box. The attacker just needs access to the user's account.

True, too, except that an attacker with access to your account really does have at least seven ways (that pop up in my mind without even thinking too hard) of replacing the gpg or pinentry or whatever binaries without you noticing *at once*.

G'luck,
Peter

--
Peter Pentchev [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I am the thought you are now thinking.
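The two account-level hooks argued over in this thread, a user-writable (or relative) PATH entry ahead of the real gpg and an LD_PRELOAD variable, are both things a user can audit from their own shell. The script below is an added example written for this page; it is not code from the thread, from Peter, or from GnuPG. The function names (audit_path, audit_preload, demo), the finding labels, and the temporary directory layout built in demo() are constructed for illustration; the only assumption about the system is a POSIX-style filesystem and PATH separator.

```python
"""Audit how a shell would resolve a trusted binary such as gpg.

Added example (not from the original thread).  It walks PATH in lookup
order up to the directory that holds the real binary and reports every
entry an attacker with only the user's account could use to shadow it,
then checks the dynamic-loader hooks the discussion mentions.
"""
import os
import tempfile


def writable_by_user(directory):
    """Default predicate: can the current user create files in `directory`?"""
    return os.path.isdir(directory) and os.access(directory, os.W_OK)


def audit_path(path_value, trusted_bin_dir, binary="gpg", is_writable=writable_by_user):
    """Return a list of (kind, entry) findings for one PATH value.

    An empty list means a lookup of `binary` reaches `trusted_bin_dir`
    without passing through anything the account owner can alter.
    `is_writable` is injectable so the check can be exercised without
    depending on the permissions of the machine running it.
    """
    findings = []
    trusted = os.path.realpath(trusted_bin_dir)
    for entry in path_value.split(os.pathsep):
        # Empty or relative entries resolve against the current directory,
        # so whatever the user runs from a writable directory can be shadowed.
        if entry == "" or not os.path.isabs(entry):
            findings.append(("relative-entry", entry))
            continue
        if os.path.realpath(entry) == trusted:
            return findings  # reached the real binary; later entries never win
        if os.path.isfile(os.path.join(entry, binary)):
            findings.append(("shadowed", entry))  # a same-named file already sits here
        elif is_writable(entry):
            findings.append(("writable-before-trusted", entry))
    # The trusted directory never appeared: the lookup cannot be trusted at all.
    findings.append(("trusted-dir-missing", trusted_bin_dir))
    return findings


def audit_preload(environ, preload_file="/etc/ld.so.preload"):
    """Report loader hooks: LD_PRELOAD in the environment (per account) and a
    non-empty system preload file (which requires root to create)."""
    findings = []
    if environ.get("LD_PRELOAD"):
        findings.append(("ld-preload-env", environ["LD_PRELOAD"]))
    try:
        with open(preload_file) as fh:
            libs = [ln.strip() for ln in fh if ln.strip() and not ln.startswith("#")]
        if libs:
            findings.append(("ld-preload-file", preload_file))
    except OSError:
        pass  # no preload file, or not readable: nothing to report
    return findings


def demo():
    """Constructed scenario: a user-owned ~/bin with its own 'gpg' placed
    ahead of the system bin directory, an empty PATH entry, and LD_PRELOAD
    set.  Returns (path_findings, preload_findings)."""
    with tempfile.TemporaryDirectory() as root:
        sysbin = os.path.join(root, "usr", "bin")
        userbin = os.path.join(root, "home", "alice", "bin")
        os.makedirs(sysbin)
        os.makedirs(userbin)
        open(os.path.join(sysbin, "gpg"), "w").close()   # the real one (constructed)
        open(os.path.join(userbin, "gpg"), "w").close()  # the shadowing copy (constructed)
        path_value = os.pathsep.join([userbin, "", sysbin])
        env = {"LD_PRELOAD": os.path.join(userbin, "libhook.so")}  # constructed value
        return (
            audit_path(path_value, sysbin),
            audit_preload(env, preload_file=os.path.join(root, "no-such-file")),
        )


if __name__ == "__main__":
    # Audit the real environment first, then the constructed scenario.
    real_gpg_dir = os.path.dirname(os.path.realpath("/usr/bin/gpg"))
    for kind, entry in audit_path(os.environ.get("PATH", ""), real_gpg_dir):
        print(f"PATH  {kind}: {entry!r}")
    for kind, entry in audit_preload(os.environ):
        print(f"LOADER {kind}: {entry}")
    path_findings, preload_findings = demo()
    print("demo:", path_findings, preload_findings)
```

The check stops at the first PATH entry that is the trusted directory, because later entries are never consulted for that name; a finding of `trusted-dir-missing` is the strongest signal, since it means the shell will run whatever it finds first. Run as a post-login step it covers the PATH half of the argument; it does not, and cannot, detect a replaced pager or editor, which is the point the message ends on.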
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users