From: jpp@markv.com <jpp/daemon>
Subject: Alpha testers wanted: GNU Emacs, RMAIL, and PGP
[...] Pgpmail also helps fix a known security hole -- it doesn't send your passphrase on the command line, but uses the environment instead.
The security-conscious way to send something to a subprocess is to use a pipe. Looking at environment variables requires just a single extra flag to ps(1). If PGP can't be set up to use a pipe to get the passphrase, it would be best to modify PGP to clear its arguments when it's done getting a copy of them.

-- Scott Northrop <skyhawk@cpac.washington.edu> (206)784-2083
ObVirus: The demand for obedience is inherently evil.
ObVirus2: As a juror in a Trial by Jury, you have the right, power and duty to acquit the defendant if you judge the law itself to be unjust.
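The three delivery channels discussed in this message (command line, environment, pipe), compared in an added example that is not part of the original message and is not Pgpmail or PGP code. The child process is a hypothetical stand-in for the passphrase consumer; `deliver`, `DEMO_PASS` and the passphrase value are constructed for illustration.

```python
import os
import subprocess
import sys

SECRET = "constructed-passphrase-for-demo"  # constructed sample value

# Hypothetical stand-in for the program that needs the passphrase. It reports
# whether the secret sits in its argument vector or its environment, the two
# places a process listing draws from, and how many characters it received.
CHILD = r"""
import os, sys
mode = sys.argv[1]
if mode == "argv":
    secret = sys.argv[2]
elif mode == "env":
    secret = os.environ["DEMO_PASS"]
else:
    with os.fdopen(int(sys.argv[2]), "r") as f:
        secret = f.read()
print(int(secret in sys.argv[1:]), int(secret in os.environ.values()), len(secret))
"""

def deliver(mode, secret):
    """Pass `secret` to the child via `mode`; return (in_argv, in_environ, received)."""
    cmd = [sys.executable, "-c", CHILD, mode]
    env = dict(os.environ)
    rfd = wfd = None
    if mode == "argv":
        cmd.append(secret)            # visible in the child's argument list
    elif mode == "env":
        env["DEMO_PASS"] = secret     # visible in the child's environment
    elif mode == "pipe":
        rfd, wfd = os.pipe()          # only the descriptor number is passed
        cmd.append(str(rfd))
    else:
        raise ValueError(mode)
    proc = subprocess.Popen(cmd, env=env, stdout=subprocess.PIPE, text=True,
                            pass_fds=(rfd,) if rfd is not None else ())
    if wfd is not None:
        os.close(rfd)                 # parent keeps only the write end
        with os.fdopen(wfd, "w") as w:
            w.write(secret)           # closing the pipe signals end of input
    out, _ = proc.communicate()
    in_argv, in_env, n = map(int, out.split())
    return bool(in_argv), bool(in_env), n == len(secret)

if __name__ == "__main__":
    for m in ("argv", "env", "pipe"):
        print(m, deliver(m, SECRET))
```

Only the pipe case leaves both the argument vector and the environment free of the passphrase while the child still receives it.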