On Thu, Mar 20, 2014 at 9:55 AM, Jason A. Donenfeld <[email protected]> wrote:
> On Thu, Mar 20, 2014 at 2:53 AM, Alfredo Pironti > <[email protected]> wrote: > > I think you're correct. The other case I see (just for completeness), is > > when the attacker gets access to your account, but not root. In that case > > umask does not protect you, but maybe the attacker cannot alter the gpg > > binary or dump the memory of an arbitrary process. > > Trivial to LD_PRELOAD or a bunch of other tricks in that case. > Fair enough!
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
