#1
I just did a default installation of PGP 8 for Jaguar, and noticed something rather disturbing. Though it's not really a critical issue, it's something that I think every seriously security-conscious PGP user should do something about. PGPKeys puts your private keyring, by default, in ~/Documents/PGP/ and sets the folder permissions to drwxrwxr-x which essentially means anyone who has access to your system can grab your private keyring, or replace it with a spoofed one! To make matters worse, if you have symlinks from your web folder to all over the place (to share movies, photos, whatever), you may have accidentally given web access to it as well.

To rectify this, I changed the folder (put it in ~/) and set the permissions to drwx------ (and also applied it to the key ring files themselves). Someone with SSH or unchrooted FTP access can see everything if you're not careful.

Anyway, it strikes me as pretty silly that the PGP installer doesn't take care of that... I think they're gonna get an email from me tonight. If I get seriously paranoid, I can always put my private keyring on my USB flash drive (see sig), which actually seems like an ideal place...
__________________
michaelsanford.com Blog Twitter Tumblr LinkedIn
iBook G4 1.42 GHz | MacOS X 10.5-current | 1 GB RAM, 100 GB HDD
iMac G4 TFT 700 MHz | MacOS X 10.3.9 | 768 MB RAM, 40 GB HDD
AMD Athlon64 3500+ | Slackware 12 (2.6.21.5-smp) | 2 GB RAM, 2120 GB RAID 1, 2500 GB RAID 0
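The check and fix described in post #1, written out as an added shell example that is not part of the original thread. The function names are hypothetical, the keyring and web folder paths are passed as arguments, and the symlink check assumes the links point at directories.

```shell
#!/bin/sh
# Added example, not from the thread: audit and lock down a keyring folder.

# Print every entry under DIR that grants any group or other permission bit.
# Prints nothing when the whole tree is private to its owner.
loose_entries() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Owner-only access: drwx------ on folders, -rw------- on keyring files.
harden_keyring() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Print symlinks under WEBROOT whose target is KEYDIR or one of its parent
# folders, i.e. links through which a web server could reach the keyring.
# Usage: exposing_links KEYDIR WEBROOT
exposing_links() {
    keydir=$(cd "$1" && pwd -P) || return 1
    find "$2" -type l | while IFS= read -r link; do
        # Resolve the link to a physical path; skip dangling or file links.
        target=$(cd "$link" 2>/dev/null && pwd -P) || continue
        [ "$target" = / ] && target=""
        case "$keydir/" in
            "$target"/*) printf '%s\n' "$link" ;;
        esac
    done
}
```

Run `loose_entries` on the keyring folder before and after `harden_keyring`; any output afterwards means something is still readable by other accounts.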
#2
Good to know. I have been using GnuPG since I came to OS X and ... no problems with that. http://macgpg.sourceforge.net/
#3
Oh yeah, GPG's great, I just like PGP for the interface and plugins, I find it marginally simpler to use...