Dear GnuPG devs, I wanted to point out a potential security concern about gpg-agent.
I noted that an application with write access to a user's home directory can easily compromise gpg-agent by overriding the pinentry-program key in ~/.gnupg/gpg-agent.conf. This is a potential security risk, as it allows switching the pinentry plugin for a malicious version, which can be used to steal passwords. I am not aware whether this vulnerability has ever been exploited, but it would be trivial to do so. Therefore, I wonder why no hardening mechanisms are used here.

In my opinion there should be additional checks, e.g. a restriction of allowed pinentry paths (e.g. only /usr/bin and /usr/local/bin), ownership checks (e.g. only allowing binaries owned by root) or warnings when a non-standard pinentry-program setting is used.

What do you think?

Thank you very much for your time and for maintaining GnuPG.

Best regards
Marius Spix

_______________________________________________
Gnupg-users mailing list
https://lists.gnupg.org/mailman/listinfo/gnupg-users
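The checks proposed in the message above (restrict pinentry-program to /usr/bin and /usr/local/bin, require root ownership), written out as an added audit script. This is example code, not part of the mail and not GnuPG's own code; the policy it enforces (allowed directories, required owner uid, no group/world write bit, symlinks resolved before the directory check) is an assumption chosen to illustrate the proposal. The demo builds a throwaway home directory with a constructed gpg-agent.conf pointing at a stand-in rogue pinentry under $HOME, plus a constructed "trusted" directory standing in for /usr/local/bin so the run needs no root.

```python
"""Audit the pinentry-program option in gpg-agent.conf against a path/owner policy.

Added example illustrating the hardening proposed on the list; not GnuPG code.
The policy below is an assumption, not gpg-agent behaviour.
"""
import os
import shutil
import stat
import tempfile
from pathlib import Path

DEFAULT_ALLOWED_DIRS = ("/usr/bin", "/usr/local/bin")  # directories named in the mail
DEFAULT_REQUIRED_UID = 0                                # root


def parse_pinentry_program(conf_text):
    """Return the pinentry-program value, or None if the option is unset.

    Lines whose first non-blank character is '#' are comments. A repeated
    option is resolved to its last occurrence here (an assumption for this
    checker, not a statement about how gpg-agent resolves duplicates).
    """
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0] == "pinentry-program" and len(parts) == 2:
            value = parts[1].strip()
    return value


def audit_pinentry(conf_path, allowed_dirs=DEFAULT_ALLOWED_DIRS,
                   required_uid=DEFAULT_REQUIRED_UID):
    """Return (ok, reason); ok is True only when every policy check passes."""
    conf = Path(conf_path)
    if not conf.is_file():
        return True, "no gpg-agent.conf; built-in default pinentry applies"
    program = parse_pinentry_program(conf.read_text())
    if program is None:
        return True, "pinentry-program unset; built-in default applies"
    if not os.path.isabs(program):
        return False, f"{program!r} is not an absolute path"
    # Resolve symlinks first, so a link placed in an allowed directory cannot
    # satisfy the directory check while actually running a binary under $HOME.
    real = os.path.realpath(program)
    allowed = {os.path.realpath(d) for d in allowed_dirs}
    if os.path.dirname(real) not in allowed:
        return False, f"{program} resolves to {real}, outside {sorted(allowed)}"
    try:
        st = os.stat(real)
    except FileNotFoundError:
        return False, f"{real} does not exist"
    if st.st_uid != required_uid:
        return False, f"{real} is owned by uid {st.st_uid}, not uid {required_uid}"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, f"{real} is group- or world-writable"
    if not st.st_mode & stat.S_IXUSR:
        return False, f"{real} is not executable"
    return True, f"{real} passes path, ownership and permission checks"


def run_demo():
    """Construct the scenario from the mail in a temp dir; return {case: ok}."""
    root = Path(tempfile.mkdtemp(prefix="gpg-agent-audit-"))
    try:
        home = root / "home"
        conf = home / ".gnupg" / "gpg-agent.conf"
        conf.parent.mkdir(parents=True)
        rogue = home / ".cache" / "pinentry"          # constructed rogue pinentry
        rogue.parent.mkdir()
        rogue.write_text("#!/bin/sh\n# constructed placeholder; does nothing\n")
        rogue.chmod(0o755)
        trusted = root / "trusted"                    # constructed stand-in for /usr/local/bin
        trusted.mkdir()
        good = trusted / "pinentry"
        good.write_text("#!/bin/sh\n# constructed placeholder\n")
        good.chmod(0o755)
        link = trusted / "pinentry-link"
        link.symlink_to(rogue)
        loose = trusted / "pinentry-loose"
        loose.write_text("#!/bin/sh\n")
        loose.chmod(0o777)
        # Relaxed policy so the run is deterministic without root privileges.
        policy = dict(allowed_dirs=(str(trusted),), required_uid=os.getuid())
        results = {}
        conf.write_text(f"# constructed config\npinentry-program {rogue}\n")
        results["override_into_home"] = audit_pinentry(conf)[0]        # default policy
        conf.write_text(f"pinentry-program {good}\n")
        results["trusted_binary"] = audit_pinentry(conf, **policy)[0]
        conf.write_text(f"pinentry-program {link}\n")
        results["symlink_escape"] = audit_pinentry(conf, **policy)[0]
        conf.write_text(f"pinentry-program {loose}\n")
        results["world_writable"] = audit_pinentry(conf, **policy)[0]
        conf.write_text(f"pinentry-program {good}\n")
        results["wrong_owner"] = audit_pinentry(conf, (str(trusted),), os.getuid() + 1)[0]
        conf.write_text("pinentry-program pinentry\n")
        results["relative_path"] = audit_pinentry(conf, **policy)[0]
        conf.write_text("# nothing set here\nallow-loopback-pinentry\n")
        results["option_unset"] = audit_pinentry(conf, **policy)[0]
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case:20s} {'ok' if ok else 'REJECTED'}")
```

Against a real account, call audit_pinentry(os.path.expanduser("~/.gnupg/gpg-agent.conf")) with the default policy; only a root-owned, non-writable binary directly inside /usr/bin or /usr/local/bin passes, and the reason string says which check failed. The symlink case is the one worth remembering: a path whitelist alone is not enough if the check is done on the configured path rather than on what it resolves to.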
