[pass] GPG Compression and Authenticity

Jason A. Donenfeld Jason at zx2c4.com
Thu Mar 20 09:55:49 CET 2014


On Thu, Mar 20, 2014 at 2:53 AM, Alfredo Pironti
<alfredo.pironti at inria.fr> wrote:
> I think you're correct. The other case I see (just for completeness), is
> when the attacker gets access to your account, but not root. In that case
> umask does not protect you, but maybe the attacker cannot alter the gpg
> binary or dump the memory of an arbitrary process.

Trivial to LD_PRELOAD or a bunch of other tricks in that case.


More information about the Password-Store mailing list