|
Size: 2115
Comment: correct Typo, thanks to Richard R.
|
Size: 2137
Comment: improve spelling and phrasing a bit. - draft marker
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| **draft** |
|
| Line 17: | Line 15: |
| may have the wrong permission. So a user cannot be properly access this file. | may have the wrong permissions. So a user account cannot properly access this file. |
| Line 21: | Line 19: |
| Users reported running into these kind of problems, even when running Gpg4win with administration rights just once. |
Users have reported running into these kind of problems, even aftern running Gpg4win with administration rights just once. |
| Line 27: | Line 25: |
| Building a modern graphical user interface (GUI) uses a lot of code. Mainly in the used software modules. These code libraries |
Building a modern graphical user interface (GUI) requires a lot of source code. Mainly in the software modules used. These code libraries |
| Line 32: | Line 30: |
| Anyhow: The larger the code base, the harder to control security properties. | Anyhow: The larger the code base, the harder to control its security properties. |
| Line 37: | Line 35: |
| which may be used to insert other code into an application. So if | which may be used to insert other code into an application. Therefore if |
Why am I warned about running Kleopatra as Administrator?
We recommend running Gpg4win as regular user (and not with administration rights).
This general good practice for almost all applications since Microsoft Windows XP.
Permission problems in configuration files
Kleopatra writes to several files, for example when changing settings or importing keys.
If run with adminstration rights, a newly created file from this session may have the wrong permissions. So a user account cannot properly access this file. Unexpected behaviour results - maybe days later - and file permission problems are hard to analyse.
Users have reported running into these kind of problems, even aftern running Gpg4win with administration rights just once.
Raised danger of privilege escalation
Building a modern graphical user interface (GUI) requires a lot of source code. Mainly in the software modules used. These code libraries are complex in order to be comfortable to use. (Whether this is necessarily so, can trigger long technical debates of course).
Anyhow: The larger the code base, the harder to control its security properties. This is somewhat okay, if an application runs beside others on a desktop as regular user, but not a good thing, when running it as an administrator.
An example: Qt, the GUI library Kleopatra uses, has a plugin system which may be used to insert other code into an application. Therefore if malicious code got onto your regular user account, finds a way to trigger the plugin loading and then Kleopatra is run as administrator, it can be used as part of an attack chain to gain higher privileges.
References
Gpg4win-3.1.15 has a safeguard that disallows running Kleopatra as administrator. This will be changed to a warning with the next release, see https://dev.gnupg.org/T5248.
Kleopatra cannot be run as administrator without breaking file permissions in the GnuPG data folder. To manage keys for other users please manage them as a normal user and copy the `AppData\Roadmin\gnupg' directory with proper permissions.