Comments (5)
So, it looks like GPG Sync can't be sandboxed so long as it's subprocessing out to a gpg2 binary that was installed via GPG Tools, homebrew, etc. But it is possible to have multiple processes within the same app sandbox.
So GPG Sync could bundle its own gpg2 binary, and then it could call that. So long as the gpg homedir is within the app's container directory, then this should all work. The only problem then, of course, is that GPG Sync won't be able to read/write to ~/.gnupg, where the user's real keyring lives.
However what it could probably do is refresh all of the keys, then export them into a file like gpgsync-pubkeys.asc, and then it can maybe open that file using the default handler for it, which is most likely GPG Keychain Access. So basically, each time a sync finishes, at the end of the process it will briefly pop up GPG Keychain Access to import all of the fresh keys.
I haven't verified if this will work or not. But it might, and it's certainly worth more research.
from gpgsync.
It just occurs to me that if we did go this route, I don't think #36 will be possible.
from gpgsync.
@micahflee I want to help with the Linux build process, because I can provide advice on hardening the GPGSync service via systemd.
You could perhaps also use seccomp-bpf somehow, but that's for ELF binaries I think? If you want to wrap your Python program in C that might work. Example: https://blog.yadutaf.fr/2014/05/29/introduction-to-seccomp-bpf-linux-syscall-filter/ vsftpd 3.0 also has an approach. OpenSSH has UsePrivilegeEscalation and Tor has the Sandbox option... I am surprised I can't find ANYTHING about GnuPG implementing seccomp-bpf.
In any event, systemd can sandbox probably just as well as seccomp at this point.
from gpgsync.
I think I'm going to close this issue, because sandboxing in OSX isn't possible as long as we want to interact with the user's main keyring in ~/.gnupg.
And @ageis sorry about replying 20 months late :). GPG Sync doesn't actually run a background service. The entire thing is a GUI app that runs in your systray when it's not active. If you quit the app, it no longer runs. So I don't think systemd hardening is the right tool for this -- maybe AppArmor is though? In any case, we can figure out hardening in a separate issue.
from gpgsync.
I was wrong, I think sandboxing is possible. I've started work on enabling the Mac app sandbox for OnionShare, and I think I have a better idea of how it could work.
In order to have the sandbox, we'll need to:
- Bundle a copy of the gpg2 binary with GPG Sync (instead of making the user install GPG Tools first) and codesign that binary as part of the release.
- The entitlements plist file must grant read/write access to ~/.gnupg.
I think if we do those things, we can enable the sandbox.
from gpgsync.
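An entitlements plist of the kind the last comment describes, written here as an added illustration (it is not from the GPG Sync project). It assumes the file is named GPGSync.entitlements, that the same entitlements are applied to both the app and the bundled gpg2 when they are codesigned, and that the app needs outbound network access to fetch keylists; the ~/.gnupg grant uses Apple's home-relative-path temporary exception, where the trailing slash covers the whole directory tree.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Enable the App Sandbox. Every executable in the bundle, including the
         bundled gpg2 helper, must carry this entitlement or it will not launch
         inside the sandboxed app. -->
    <key>com.apple.security.app-sandbox</key>
    <true/>

    <!-- Assumed: outbound connections for fetching keylists and refreshing keys. -->
    <key>com.apple.security.network.client</key>
    <true/>

    <!-- Read/write access to the user's real keyring outside the app container.
         Paths are relative to $HOME; "/.gnupg/" (with trailing slash) grants the
         directory and everything beneath it, and nothing else in the home dir. -->
    <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
    <array>
        <string>/.gnupg/</string>
    </array>
</dict>
</plist>
```

Keeping the exception to a single directory rather than the whole home folder is what preserves most of the sandbox's value: a compromised gpg2 or GPG Sync process can still touch the keyring, which it needs anyway, but not the user's other files.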