Date: Tue, 16 Mar 2004 22:23:05 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Bob Perry <rperry4@earthlink.net> Cc: FreeBSD-Questions <freebsd-questions@freebsd.org> Subject: Re: PGP Utility? Message-ID: <20040317062305.GA59039@xor.obsecurity.org> In-Reply-To: <4057EC9B.9080102@earthlink.net> References: <405344E5.8090809@earthlink.net> <405363AF.8000108@gmx.at> <4057EC9B.9080102@earthlink.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--2fHTh5uZTiUOsy+g Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 17, 2004 at 01:13:47AM -0500, Bob Perry wrote: > I installed gnupg-1.2.4_1, The GNU Privacy Guard, & read over the README > and HOWTOs. Ran into a problem re "...unsafe ownership of the main > configuration file...." Searched the mailing list archives with little= =20 > luck > but, more importantly, the users' mailing list was unavailable. Well, what is the ownership? gnupg probably expects it to be owned by the user and not to be world- or group- writable, and maybe not to be readable either. i.e. the permissions on the file should be secure. > My objective was to just install a security patch. Is the file=20 > verification > step really necessary? That all depends on whether or not you have a trojaned copy of the security patch :-) Kris --2fHTh5uZTiUOsy+g Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAV+7IWry0BWjoQKURAlCyAKDkJ8PYRJZXj1knz+HtCUBwQgOG2gCg51yt QgJGl/J17lBW3NZwtNd1DB0= =emHG -----END PGP SIGNATURE----- --2fHTh5uZTiUOsy+g--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040317062305.GA59039>