[pass] GPG Compression and Authenticity

Alfredo Pironti alfredo.pironti at inria.fr
Thu Mar 20 10:32:45 CET 2014


On Thu, Mar 20, 2014 at 9:55 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:

> On Thu, Mar 20, 2014 at 2:53 AM, Alfredo Pironti
> <alfredo.pironti at inria.fr> wrote:
> > I think you're correct. The other case I see (just for completeness), is
> > when the attacker gets access to your account, but not root. In that case
> > umask does not protect you, but maybe the attacker cannot alter the gpg
> > binary or dump the memory of an arbitrary process.
>
> Trivial to LD_PRELOAD or a bunch of other tricks in that case.
>

Fair enough!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20140320/98148626/attachment.html>


More information about the Password-Store mailing list