[Tickets #6872] Re: gpg keys pair

bugs at horde.org
Tue Jun 10 07:29:16 UTC 2008


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/6872
-----------------------------------------------------------------------
 Ticket             | 6872
 Updated By         | kkkrrruuulll at yahoo.it
 Summary            | gpg keys pair
 Queue              | IMP
 Version            | 4.2
 Type               | Bug
 State              | Not A Bug
 Priority           | 1. Low
 Milestone          |
 Patch              |
 Owners             |
-----------------------------------------------------------------------


kkkrrruuulll at yahoo.it (2008-06-10 03:29) wrote:

>>>> i think that horde/imp must use keys (and keyrings) contained in
>>>> the private/hidden directory .gnupg of every user; horde/imp must use
>>>> gnupg command line (sudo'ed as spamassassin) for every operation
>>>
>>> What user directory?  Horde/IMP has no access to a user's home directory.
>>
>> not horde, but gnupg yes
>>
>> if you run gnupg sudo'ed with the logged user, i think it can access
>> the user's home
>
> There is absolutely no requirement that users have accounts on the
> server running Horde.

but it can; and it can have his .gnupg directory with his public/private
keys and his keyrings already full

> Not to mention that a web process having sudo
> powers is likely opening up a *way* bigger security hole than any
> security shortcomings you are trying to mask.

i don't know... i'm not very expert... but i think that it is easier to
"crack" a db than a process run with sudo



