[Tickets #6872] Re: gpg keys pair
bugs at horde.org
bugs at horde.org
Tue Jun 10 07:04:19 UTC 2008
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/6872
-----------------------------------------------------------------------
Ticket | 6872
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | gpg keys pair
Queue | IMP
Version | 4.2
Type | Bug
State | Not A Bug
Priority | 1. Low
Milestone |
Patch |
Owners |
-----------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2008-06-10 03:04) wrote:
>>> i think that horde/imp must use keys (and keyrings) contained into
>>> the private/hidden directory .gnupg of every user; horde/imp must use
>>> gnupg command line (sudo'ed as spamassassin) for every operation
>>
>> What user directory? Horde/IMP has no access to a user's home
directory.
>
> not horde, but gnupg yes
>
> if you run gnugp sudo'ed with the logged user, i think it can access
> the user's home
There is absolutely no requirement that users have accounts on the server
running Horde. Not to mention that a web process having sudo powers is
likely opening up a *way* bigger security hole than any security
shortcomings you are trying to mask.
More information about the bugs
mailing list