Igor Chudov @ home wrote: | Adam Shostack wrote: | > :0 | > * From bal@swissnet.ai.mit.edu | > { | > :0E | > | pgp +batchmode -fka | | Isn't this vulnerable to "deadbeef" attacks? I can also see an attack when | someone sends you an email with the spooofed "From " address and a user | name that is the same (or almost the same) as that of your trusted parties. | Then I can send you a bogus email containing a key for mrx@bogus.com | and next time you encrypt something for your friend nrx@provider.com, | you will actually encrypt it with the wron key. If I intercept your | email, your message to mrx can be compromised. Yes its vulnerable. I might see it in the logs, but I've personally verified most of the keys I care about, and they carry my signature, at least on my local keyring. | > # basic file server. Only sends whats in .outbound | > :0 | > * ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$ | > * !^Subject:.*[ /.]\. | > * !^FROM_DAEMON | > { | > # FILE=`formail -x Subject: | sed 's/.* //'` | > FILE=`sed -n -e '/Subject:/s/.* //p' -e '/^$/q'` | > | > :0c | > | (formail -rt -A"Precedence: junk";\ | > cat $HOME/.outbound/$FILE) | $SENDMAIL -t | | *If* .outbound has some subdirectories (say subdir), How about this email: | | From: dumbass@aol.com | Subject: GET subdir/../../../../etc/passwd | Reply-To: blin@algebra.com That will fail in the second subject line: * !^Subject:.*[ /.]\. Subject: does not match '/' or '.' followed by '.' The first Subject: line prevents absolute pathnames. * ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$ So, AFAIK, you can't get anything but real subdirectories. Feel free to install it on localhost & experiment. I was pretty careful when I wrote it to make it safe. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume