-
Alex Vandiver authored
Be explicit that modification of the PrivateKey pseudo-column requires admin rights -- namely, AdminUser, not just ModifySelf. While the page that controlls that property is in /Admin/Users/GnuPG.html, accessing that page requires only the ShowConfigTab right, and modifying the property on yourself required only ModifySelf. Combined with the ability (also granted by ModifySelf) for users to change their own email addresses, this opened the possibility for users to claim arbitrary private keys as their own, for use in signing.
8ce033b3