From: Antonomasia <ant@notatla.demon.co.uk>
To: cypherpunks@ssz.com
Message Hash: 31a7e58c31538ba18c665eb27d24fd0a69efa928db81cf4a7c90db3b5f80cf72
Message ID: <199711021541.PAA02992@notatla.demon.co.uk>
Reply To: N/A
UTC Datetime: 1997-11-02 16:11:26 UTC
Raw Date: Mon, 3 Nov 1997 00:11:26 +0800
From: Antonomasia <ant@notatla.demon.co.uk>
Date: Mon, 3 Nov 1997 00:11:26 +0800
To: cypherpunks@ssz.com
Subject: auto signing messages Re: perl from Amad3us
Message-ID: <199711021541.PAA02992@notatla.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain
> #!/usr/local/bin/perl
> $userID="cypherpunks\@algebra.com";
> $pgp="/usr/local/bin/pgp";
> $tmp="/tmp/.sig$$";
> undef($/);
> $post = <STDIN>;
> ($headers,@body) = split(/\n\n/,$post);$body = join("\n\n",@body);
> open(PIPE,"|$pgp -satf +batchmode +verbose=0 -u $userID > $tmp");
Real paranoiacs don't put temporary files in world-writeable directories.
If a hostile user symlinks your majordomo binary (or something)
to /tmp/.sig999 you're going to overwrite it with garbage.
A single purpose directory /tmp/mdsig writeable only by the
list account 'majordom' would be my preference. (Correct owner
and mode for this directory and parents could be checked by the perl
script before it decides to write there.)
--
##############################################################
# Antonomasia ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
Return to November 1997
Return to “Antonomasia <ant@notatla.demon.co.uk>”
1997-11-02 (Mon, 3 Nov 1997 00:11:26 +0800) - auto signing messages Re: perl from Amad3us - Antonomasia <ant@notatla.demon.co.uk>