Hello Stefan, On 08/01/2019 14:21, Stefan Claas wrote: > I must admit i don't understand the DoS aspect in this regard
I hadn't looked closely, but since this is MAX_..._LENGTH in parse-packet.c, I assumed this is a cutoff while parsing packets. So if GnuPG encounters a packet that declares it is more than 16 MiB in size, instead of trying to gobble up and interpret and output all this data, which could lead to DoS (memory exhaustion, disk space exhaustion, long running time), GnuPG will just error out. So if GnuPG is ever fed crafted data that tries to DoS GnuPG, it will simply refuse to process it. So I assumed this didn't have anything to do with restricting what you can do with your own GnuPG, but what others can do onto your GnuPG. Suppose --edit-key restricted you in some way. This is free software. You just remove the restriction and recompile. Just like some people enjoy making insanely large RSA keys with GnuPG: they just remove the limit and recompile. So restricting --edit-key does not prevent you from bad actors. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
