On Thu, 09 Aug 2018 at 23:58:22 +0200, Holger Wansing wrote:
> Yes! That's was exactly the problem: using gpg inside of su -.

Note that if you are trying to protect your key material from a
possibly-compromised main user account, switching from the main account
to the keyring account with su is not particularly effective: if the main
account can su to the keyring account, then it can run arbitrary code as
the keyring account. (The need to type a password into su mitigates this,
but anything in your X session could act as a keylogger to capture your
password for future use, so that's a weak protection at best.)

For real privilege-separation I would recommend making use of "fast
user switching" between different VTs, for example GNOME's "Switch User"
menu option for a graphical login, or Ctrl+Alt+F6 and starting a separate
text-mode login session.

Alternatively, you could move your key material onto a cryptographic token
(smart card) like a Nitrokey, Yubikey, Gnuk or similar.

    smcv

Reply via email to