Page MenuHome GnuPG

option to restrict agent cache usage
Closed, ResolvedPublic

Description

Release: 1.9.20

Environment

Linux/amd64

Description

when mass-decrypting or mass-signing, I need to have my passphrase/PIN cached in the agent. I would feel a bit better about that if there were an easy way to restrict which processes can access the cache; for example, a button "restrict to gpg instances with the same parent process ID as this one" would be nice (it would allow use from e.g. mutt, but disallow any other process to invoke gpg).

Fix

Unknown

Details

Version
2.0

Event Timeline

This does not work. Under a standard GNU/Linux OS you don't have means
for a finer permission granularity that the one based on the UID.

An attacker gaining access the the account will be able to do anything
a user is able to do and thus ant further restrictions are easy to
circumvent for him.

From: Simon Richter <Simon.Richter@hogyros.de>
To: bug-any@bugs.gnupg.org
Cc:
Subject: Re: gnupg/672
Date: Wed, 21 Jun 2006 20:40:22 +0200

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig6D24087697A52A64DDB4B466
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

wk@gnupg.org schrieb:

> Synopsis: option to restrict agent cache usage

> This does not work. Under a standard GNU/Linux OS you don't have means
> for a finer permission granularity that the one based on the UID.

Well, the agent has a certain trusted role in that it keeps a cache of
passphrases/PINs, "typing" them on my behalf when needed. I'd like to
have a certain overview over when my credentials are used (i.e. be
notified and asked to confirm), however in certain cases I'd like to
give out a blanket confirmation for a specific group of processes.

> An attacker gaining access the the account will be able to do anything
> a user is able to do and thus ant further restrictions are easy to
> circumvent for him.

Agreed; this is mostly an issue of "awareness". Right now, the choices
are all or nothing; just as I accept cookies from some web sites I would
like to be able to allow certain programs to decrypt stuff
automatically, while I want to be asked for others.

Simon

--------------enig6D24087697A52A64DDB4B466
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iQCVAwUBRJmSl1Yr4CN7gCINAQJWSgP/W0FMGW77yFxYg/Us/zlTkGIu7uu/Uskp
zyBeSqLxvwdi8CtjvJ7Zm419MFyJp0jingDx3tWG31xqe8lcIptp3wNZMnK/TJ0w
cIhpgc0U39uJBJgdcdu8Wb72w5fxB8fs3d0MnhLVDRoglMqoIKCJ3pc9XoMMxWj3
c7biisOw4KQ=
=ChLY
-----END PGP SIGNATURE-----

--------------enig6D24087697A52A64DDB4B466--

werner lowered the priority of this task from Normal to Wishlist.Jul 31 2006, 5:08 PM
werner removed a project: Testing.
werner added a project: Stalled.

A possible feature would be to tag requests with the name of the process (e.g.
mutt). However, this is hard to implement as we need to change it at many
places and extra arguments are required.

You can implemnnt something like this using 2.1 and the --extra-socket feature.
Give the extra socket appropriate permissions/ACLs

werner removed a project: Stalled.