A document is accompanied by a cryptographic signature. Can we safely attempt to verify the signature even if a malicious adversary had carefully crafted a file? We worry about things like buffer or stack overflow attacks against a parser for programs like "gpg -v".
We would really like to be able to run that program with privileges severely limited by the operating system.
No comments :
Post a Comment