From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 16 Nov 1997 08:34:26 +0800
To: cypherpunks@toad.com
Subject: Re: auto signing messages Re: perl from Amad3us
Message-ID: <199711160027.BAA16314@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



Amad3us Anonymous (if that is his/her *real* name wrote:
> Antonomasia says:
> > Real paranoiacs don't put temporary files in world-writeable directories.

> > If a hostile user symlinks your majordomo binary (or something)
> > to /tmp/.sig999 you're going to overwrite it with garbage.
 
> Sure.  But have you looked at pgp2 source code? (smirks).
> 
> (Hint, temporary files all over the place.)

  For you old farts who have not been out in the real world for a
while, you should make note of the fact that the price of memory
has dropped, and it is now feasible to implement RAM disks to
store temporary files.
  You can also direct a program to use a RAM trash-disk for its
temporary files, wiping it immediately after use without having
to worry about fucking up your other temporary files.