On Wed, Mar 19, 2014 at 8:06 AM, Alfredo Pironti <[email protected]> wrote: > Using git-level signature ensures integrity of the data on the remote > repository, but not of the local data. Hence, you get protection from > attackers controlling a git repository, but not from attackers being able to > write into your home directory. If you want to protect also from local > attackers, then pass-level signature seems to be required.
Actually, pass already protects from an attacker modifying to my password store directory: line 7 of password-store.sh is "umask 077". If an attacker can bypass this, he likely already has root access and could just as easily snatch my passphrases from memory or other things. Or, if an attacker has an arbitrary file-swap primitive, he likely could use that for privilege escalation anyway, and then read passphrases from memory. Alternatively, if an attacker has access to my filesystem, he could even modify my web browser or gpg binary. Or a variety of other attacks. Thus, I'm not sure that your attack model really makes sense. Please correct me if I'm wrong. _______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
