From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@ssz.com
Message Hash: e21e655326024e4fb342972348b02d35397170e6ba80a06207673cf06ef21ce4
Message ID: <199711152003.VAA10615@basement.replay.com>
Reply To: N/A
UTC Datetime: 1997-11-15 20:16:25 UTC
Raw Date: Sun, 16 Nov 1997 04:16:25 +0800
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 16 Nov 1997 04:16:25 +0800
To: cypherpunks@ssz.com
Subject: Re: auto signing messages Re: perl from Amad3us
Message-ID: <199711152003.VAA10615@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Antonomasia says:
> excerpt from Amad3us' script:
> > #!/usr/local/bin/perl
> > $userID="cypherpunks\@algebra.com";
> > $pgp="/usr/local/bin/pgp";
> > $tmp="/tmp/.sig$$";
> > undef($/);
> > $post = <STDIN>;
> > ($headers,@body) = split(/\n\n/,$post);$body = join("\n\n",@body);
> > open(PIPE,"|$pgp -satf +batchmode +verbose=0 -u $userID > $tmp");
>
> Real paranoiacs don't put temporary files in world-writeable directories.
>
> If a hostile user symlinks your majordomo binary (or something)
> to /tmp/.sig999 you're going to overwrite it with garbage.
Sure. But have you looked at pgp2 source code? (smirks).
(Hint, temporary files all over the place.)
Amad3us
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
iQCVAwUBNG39iPKMuKFNFivhAQEYuwP/Q5nWBocRDlwVWCppBnI6g+kryko8YGJO
PnEQU+ZeTXFtnBlhpylzaz4XX2hx5cfVUtmU+EZ6GsKdu/5ALV7JWZfpRQ7LLY0n
kY0xiCDRn5binhXXuMXAJIu6y47KyXgrFQKQWZm7sgAF0p6PCbajMwPUiJEWKpWe
TGlzJNCp7OE=
=w4G3
-----END PGP SIGNATURE-----
Return to November 1997
Return to “nobody@REPLAY.COM (Anonymous)”
1997-11-15 (Sun, 16 Nov 1997 04:16:25 +0800) - Re: auto signing messages Re: perl from Amad3us - nobody@REPLAY.COM (Anonymous)