6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
7/31/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#6872] gpg keys pair
*
Your Email Address
*
Spam protection
Enter the letters below:
. ..___.._..__ .__ |_/ _/ | | \[__) | \./__._|_|__/[__)
Comment
>>>>> i think that horde/imp must use keys (and keyrings) contained into > >>>>> the private/hidden directory .gnupg of every user; horde/imp must use > >>>>> gnupg command line (sudo'ed as spamassassin) for every operation > >>>> > >>>> What user directory? Horde/IMP has no access to a user's home directory. > >>> > >>> not horde, but gnupg yes > >>> > >>> if you run gnugp sudo'ed with the logged user, i think it can access > >>> the user's home > >> > >> There is absolutely no requirement that users have accounts on the > >> server running Horde. > > > > but it can; and it can have his .gnupg directory with his > public/private keys and his keyrings already full > > > >> Not to mention that a web process having sudo > >> powers is likely opening up a *way* bigger security hole than any > >> security shortcomings you are trying to mask. > > > > i don't know... i'm not very expert... but i think that is easier to > "crack" a db that a process ran with sudo
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers