|
#1
March 30th, 2003, 02:45 AM
| ||||
| ||||
 Note about PGP 8 keyring security (permissions).
I just did a default installation of PGP 8 for Jaguar, and noticed something rather disturbing. Though it's not really a critical issue, it's something that I think every seriously security-concious PGP user should do something about. PGPKeys puts your private keyring, by default, in ~/Documents/PGP/ and sets the folder permissions to drwxrwxr-x which essentially means anyone who has access to your system can grab your private keyring, or replace it with a spoofed one! To makes matters worse, if you have symlinks from from your web folder to all over the place (to share movies, photos, whatever), you may have accidentally given web access to it as well.  To rectify this, I changed the folder (put it in ~/) and set the permissions to drwx------ (and also applied it to the key ring files themselves). Someone with SSH or unchrooted FTP access can see everything if you're not careful  Anyway, it strikes me as pretty silly that the PGP installer doesn't take care of that...I think they're gonna get an email from me tonight. If I get seriously paranoid, I can always put my private keyring on my USB flash drive (see sig), which actually seems like an ideal place...
__________________ michaelsanford.com • Identi.ca • iMac Aluminum 24" | MacOS X 10.5 (current) | 3.06 GHz Intel Core Duo | 4 GB RAM, 1 TB HDD • Acer AspireOne 1.60 GHz | Windows XP Home | 1 GB RAM, 100 GB HDD • AMD Athlon64 3500+ | Ubuntu-server x86_64 | 1240 GB RAID  |
|
#2
March 30th, 2003, 01:38 PM
| ||||
| ||||
|
Good to know.  I have been using GnuPG since I came to OS X and .. no problems with that. http://macgpg.sourceforge.net/ 
__________________ MacBook Pro | Dell Mini Inspiron 9 | Mac Mini | Newton 2000 | iPhone | @Work : Dell D620 & 2x20" + a lot of Macs | Workstation, VC & Fusion Twenty years from now you will be more disappointed by the things that you didn't do than by the ones you did do. ~ Samuel Clemens | Rants | Photos |
|
#3
March 30th, 2003, 01:50 PM
| ||||
| ||||
|
Oh yeah GPG's great, I just like PGP for the interface and plugins, I find it marginally simpler to use....
__________________ michaelsanford.com • Identi.ca • iMac Aluminum 24" | MacOS X 10.5 (current) | 3.06 GHz Intel Core Duo | 4 GB RAM, 1 TB HDD • Acer AspireOne 1.60 GHz | Windows XP Home | 1 GB RAM, 100 GB HDD • AMD Athlon64 3500+ | Ubuntu-server x86_64 | 1240 GB RAID |
 |
| Bookmarks |
« Help! OS X won't display the standard Font dialog!
|
need help with multimedia RAR files on OS X »
| Thread Tools | |
|
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [FAQ] - PGP 8.0 Keychain vulnerability on Mac OS X | michaelsanford | HOWTO & FAQs | 1 | March 31st, 2003 09:45 PM |
| severe security issue with Mac OS X 10.2 | profx | Mac OS X System & Mac Software | 15 | September 16th, 2002 06:42 AM |
| UNIX related things... (tr, cut, awk, and permissions) | simX | Apple News, Rumors & Discussion | 5 | December 19th, 2001 03:33 AM |
| File permissions and the drop box. | ericmurphy | Apple News, Rumors & Discussion | 2 | July 3rd, 2001 09:55 AM |
All times are GMT -5. The time now is 08:25 AM.
