bryce@digicash.com wrote:
Here's an idea that I always wanted to implement but never did yet. I thought I'd share and if someone else has already done it let me have a copy.
I should be able to execute scripts remotely by sending e-mail to an account. Simple mail-handling scripts at that account should check the PGP signature (and timestamp/counter to prevent replay/delay attacks) and then pass the contents to a full script-language interpreter.
Perl is a natural choice of interpreter. Has anybody implemented this (hopefully complete with replay/delay prevention)?
Thanks!
Bryce
P.S. No, actually I can't think of any good use for this trick. But maybe if I had it I would find good uses for it.
I'd been thinking of something along those lines as well, but never got around to actually trying it. But I had some free time yesterday and got a system setup which uses procmail to pass on the message to a perl script which then decrypts the message if necessary and checks the signature. If the signature is good it then executes the scrypt, encrypts the output from the script, and mails it back. I haven't had a chance to do any extensive testing, and it doesn't have any replay/delay prevention yet. I should have some time in a day or two to clean it up though. Just wanted to let you know that someone is working on it. I don't want to distribute it yet, since it is still rather messy and possibly buggy. --Matt -- mcarpent@mailhost.tcs.tulane.edu