* [refpolicy] gpg policy
@ 2016-12-28 16:32 Luis Ressel
2016-12-28 16:40 ` Dominick Grift
0 siblings, 1 reply; 3+ messages in thread
From: Luis Ressel @ 2016-12-28 16:32 UTC (permalink / raw)
To: refpolicy
I'm currently trying to re-write the contrib/gpg module a bit. In
particular, I intend to change the types used for the data in
~/.gnupg/. This is what I have in mind:
* .gnupg/ itself: gpg_home_t (all gpg-related programs can create
files/directories inside this)
* .gnupg/*.conf: gpg_conf_t (all gpg-related programs can read, but not
write, those files)
* .gnupg/{trustdb.gpg,pubring*} and similar: gpg_home_t (only gpg_t
can manage those files; perhaps I'll need to allow other gpg-related
tools read access)
* .gnupg/* (everything else): gpg_secret_t (only gpg_t and gpg_agent_t
can manage those files)
With gnupg 2.1, only gpg_agent_t needs access to gpg_secret_t data;
perhaps I'll add a boolean to configure this.
Any thoughts?
Regards,
Luis
^ permalink raw reply [flat|nested] 3+ messages in thread
* [refpolicy] gpg policy
2016-12-28 16:32 [refpolicy] gpg policy Luis Ressel
@ 2016-12-28 16:40 ` Dominick Grift
2016-12-28 16:48 ` Luis Ressel
0 siblings, 1 reply; 3+ messages in thread
From: Dominick Grift @ 2016-12-28 16:40 UTC (permalink / raw)
To: refpolicy
On 12/28/2016 05:32 PM, Luis Ressel via refpolicy wrote:
> I'm currently trying to re-write the contrib/gpg module a bit. In
> particular, I intend to change the types used for the data in
> ~/.gnupg/. This is what I have in mind:
>
> * .gnupg/ itself: gpg_home_t (all gpg-related programs can create
> files/directories inside this)
> * .gnupg/*.conf: gpg_conf_t (all gpg-related programs can read, but not
> write, those files)
> * .gnupg/{trustdb.gpg,pubring*} and similar: gpg_home_t (only gpg_t
> can manage those files; perhaps I'll need to allow other gpg-related
> tools read access)
> * .gnupg/* (everything else): gpg_secret_t (only gpg_t and gpg_agent_t
> can manage those files)
>
> With gnupg 2.1, only gpg_agent_t needs access to gpg_secret_t data;
> perhaps I'll add a boolean to configure this.
I am a bit confused about what you consider gpg_secret_t data.
gpg creates/maintains the private key. This is the thing I would want to
protect. Only gpg itself ever needs access to that file. Thus no
confined application should ever have any access to this private key
>
> Any thoughts?
>
> Regards,
> Luis
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20161228/3b044528/attachment.bin
^ permalink raw reply [flat|nested] 3+ messages in thread
* [refpolicy] gpg policy
2016-12-28 16:40 ` Dominick Grift
@ 2016-12-28 16:48 ` Luis Ressel
0 siblings, 0 replies; 3+ messages in thread
From: Luis Ressel @ 2016-12-28 16:48 UTC (permalink / raw)
To: refpolicy
On Wed, 28 Dec 2016 17:40:39 +0100
Dominick Grift via refpolicy <refpolicy@oss.tresys.com> wrote:
> I am a bit confused about what you consider gpg_secret_t data.
>
> gpg creates/maintains the private key. This is the thing I would want
> to protect. Only gpg itself ever needs access to that file. Thus no
> confined application should ever have any access to this private key
I guess my wording wasn't precise enough. By "gpg-related program", I
mean gpg, gpg-agent, dirmngr and scdaemon.
I don't want to expose any data in ~/.gnupg to third-party programs.
I'm just trying to segregate the different components of gpg (the tools
mentioned above) from each other; for example, as you remarked in your
previous mail, dirmngr shouldn't have access to private key material.
Regards,
Luis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20161228/6562cfde/attachment.bin
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-12-28 16:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-12-28 16:32 [refpolicy] gpg policy Luis Ressel
2016-12-28 16:40 ` Dominick Grift
2016-12-28 16:48 ` Luis Ressel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.