gpg security on a shared Linux machine
AFAIK, the few ways private information from gpg can get leaked to other users on a shared Linux machine is:
someone with root access can access gpg's files
someone with root access can access gpg's process memory
gpg process's pages could get swapped out on disk, and anyone driven enough can access that
So, some related questions:
a) Can enabling features like SELinux fully address all 3 problems listed above?
b) As the system will have 1 user who could enable/disable SELinux, does this just shift the problem from notorious root user to notorious SELinux admin? If yes, is the latter a lesser evil than the former.
c) If a/b doesn't make sense to harden security for individuals using gpg on a shared Linux machine, is there another security hardening approach such that no user (including notorious admin/root) sees another user's secret?
Please feel free to correct if my understanding is too simple or inaccurate.
