<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Mar 20, 2014 at 9:55 AM, Jason A. Donenfeld <span dir="ltr"><<a href="mailto:Jason@zx2c4.com" target="_blank">Jason@zx2c4.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On Thu, Mar 20, 2014 at 2:53 AM, Alfredo Pironti<br>
<<a href="mailto:alfredo.pironti@inria.fr">alfredo.pironti@inria.fr</a>> wrote:<br>
> I think you're correct. The other case I see (just for completeness), is<br>
> when the attacker gets access to your account, but not root. In that case<br>
> umask does not protect you, but maybe the attacker cannot alter the gpg<br>
> binary or dump the memory of an arbitrary process.<br>
<br>
</div>Trivial to LD_PRELOAD or a bunch of other tricks in that case.<br></blockquote><div><br></div><div>Fair enough! <br></div></div><br></div></div>