auto signing messages Re: perl from Amad3us






>  #!/usr/local/bin/perl
>  $userID="cypherpunks\@algebra.com";
>  $pgp="/usr/local/bin/pgp";
>  $tmp="/tmp/.sig$$";
>  undef($/);
>  $post = <STDIN>;
>  ($headers,@body) = split(/\n\n/,$post);$body = join("\n\n",@body);
>  open(PIPE,"|$pgp -satf +batchmode +verbose=0 -u $userID > $tmp");


Real paranoiacs don't put temporary files in world-writeable directories.

If a hostile user symlinks your majordomo binary (or something)
to /tmp/.sig999 you're going to overwrite it with garbage.

A single purpose directory /tmp/mdsig writeable only by the
list account 'majordom' would be my preference.  (Correct owner
and mode for this directory and parents could be checked by the perl
script before it decides to write there.)


--
##############################################################
# Antonomasia   [email protected]                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
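
The owner and mode check suggested in the message above, as an added example (not part of the original post and not Majordomo code). The directory /tmp/mdsig and the account majordom come from the message; the helper name dir_problem, the rule that parents must belong to root or the list account, and the use of File::Temp instead of the predictable .sig$$ name are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: refuse to write signature temp files unless the private
# directory and every parent have a trustworthy owner and mode.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

my $dir   = shift // "/tmp/mdsig";   # absolute path, no ".." components assumed
my $owner = "majordom";              # list account named in the message

# Returns a reason string if $dir is unsafe for $uid, or undef if it is fine.
sub dir_problem {
    my ($dir, $uid) = @_;
    my ($acc, @paths) = ("", "/");
    for my $part (grep { length } split m{/}, $dir) {
        $acc .= "/$part";
        push @paths, $acc;           # "/", "/tmp", "/tmp/mdsig"
    }
    for my $path (@paths) {
        my @st = lstat($path) or return "$path: $!";
        my ($mode, $own) = @st[2, 4];
        # lstat does not follow links, so a symlinked component fails here
        return "$path is not a real directory" unless S_ISDIR($mode);
        if ($path eq $paths[-1]) {   # the signing directory itself
            return "$path is owned by uid $own, not $uid" unless $own == $uid;
            return "$path is group or world writable" if $mode & 0022;
        } else {                     # each parent: root or the list account
            return "$path is owned by untrusted uid $own"
                unless $own == 0 || $own == $uid;
            # a shared parent such as /tmp is acceptable only with the
            # sticky bit, which stops other users renaming our entry
            return "$path is writable by others without the sticky bit"
                if ($mode & 0022) && !($mode & S_ISVTX);
        }
    }
    return;
}

my $uid = getpwnam($owner);
defined $uid or die "no such account: $owner\n";
if (my $why = dir_problem($dir, $uid)) {
    die "refusing to write signature temp file: $why\n";
}
# File::Temp picks an unpredictable name and opens it with O_EXCL
my ($fh, $tmp) = tempfile("sigXXXXXXXX", DIR => $dir, UNLINK => 1);
print "temporary file created safely: $tmp\n";
```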