Re: Alpha testers wanted: GNU Emacs, RMAIL, and PGP

From: jpp@markv.com <jpp/daemon>
Subject: Alpha testers wanted: GNU Emacs, RMAIL, and PGP

> [...] Pgpmail also helps fix a known security hole -- it doesn't send your passphrase on the command line, but uses the environment instead.

The security-conscious way to send something to a subprocess is to use a pipe. Looking at environment variables requires just a single extra flag to ps(1). If PGP can't be set up to use a pipe to get the passphrase, it would be best to modify PGP to clear its arguments when it's done getting a copy of them.

-- 
Scott Northrop <skyhawk@cpac.washington.edu> (206)784-2083
ObVirus: The demand for obedience is inherently evil.
ObVirus2: As a juror in a Trial by Jury, you have the right, power and duty to acquit the defendant if you judge the law itself to be unjust.

From: skyhawk@cpac.washington.edu
Date: Tue, 27 Jul 93 0:52:36 PDT
X-Mailer: ELM [version 2.3 PL0]

> From: jpp@markv.com <jpp/daemon>
> Subject: Alpha testers wanted: GNU Emacs, RMAIL, and PGP
>
> > [...] Pgpmail also helps fix a known security hole -- it doesn't send your passphrase on the command line, but uses the environment instead.
>
> The security-conscious way to send something to a subprocess is to use a pipe. Looking at environment variables requires just a single extra flag to ps(1). If PGP can't be set up to use a pipe to get the passphrase, it would be best to modify PGP to clear its arguments when it's done getting a copy of them.

It already does clear the passphrase argument when using -z, but it's trivial to use a file descriptor to send the passphrase to pgp, either using the PGPPASSFD environment variable to give it the descriptor, or if PGPPASSFD is 0, then pgp will look on the first line of piped input for the passphrase. (check out pgp.c)

-Sam

-----BEGIN PGP SIGNED MESSAGE-----

From: Samuel Pigg <b44729@achilles.ctd.anl.gov>

> It already does clear the passphrase argument when using -z, but it's trivial to use a file descriptor to send the passphrase to pgp, either using the PGPPASSFD environment variable to give it the descriptor, or if PGPPASSFD is 0, then pgp will look on the first line of piped input for the passphrase. (check out pgp.c)
>
> -Sam

Yep, so trivial that I hacked pgpmail to do it. Now pgpmail will use PGPPASSFD, or PGPPASS.

Thanks for your help.

__alpha__ testers are still wanted (and perhaps a little wiser about the decision to test my software :) )

j'
- -- 
O I am Jay Prime Positive jpp@markv.com
1250 bit key fingerprint = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit key fingerprint = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys by `finger jpp@markv.com' or mail to pgp-public-keys@pgp.mit.edu
Your feedback is welcome, directly or via symbol JPP on hex@sea.east.sun.com

-----BEGIN PGP SIGNATURE-----
iQBXAgUBLFTze9C3U5sdKpFdAQErQgIMCe0P2PsTS/ELNfe0R/Q8C39+WsI4M9wS
pMfmRrrJCwyfBNGqN2SSATUbf/5iEQ6h6t/0E7GSKothFD+Q9q/XS/SI
-----END PGP SIGNATURE-----
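
Added example, not part of any message in this thread and not pgpmail's or PGP's own code: the two hand-off methods discussed above (a pipe named by PGPPASSFD versus the PGPPASS environment variable), compared by what ends up in the child's argv and environment. The child is a hypothetical stand-in for pgp, `run_standin` and `CHILD` are names chosen for the example, and the passphrase is a constructed sample.

```python
import os
import subprocess
import sys

# Stand-in for pgp (assumption: no real PGP binary is available). It takes the
# passphrase from the first line of the descriptor named by PGPPASSFD, else from
# PGPPASS, then reports the length and whether the secret sits in its argv or
# environment, which is what other local users can list with ps(1).
CHILD = r"""
import os, sys
if "PGPPASSFD" in os.environ:
    with os.fdopen(int(os.environ["PGPPASSFD"]), "rb") as f:
        secret = f.readline().rstrip(b"\n").decode()
else:
    secret = os.environ["PGPPASS"]
exposed = sys.argv + [f"{k}={v}" for k, v in os.environ.items()]
print(len(secret), any(secret in item for item in exposed))
"""


def run_standin(passphrase, mode):
    """Hand the passphrase to the child by 'fd' (pipe) or 'env' (PGPPASS)."""
    env = {k: v for k, v in os.environ.items() if not k.startswith("PGPPASS")}
    pass_fds = ()
    if mode == "fd":
        read_end, write_end = os.pipe()
        env["PGPPASSFD"] = str(read_end)   # child learns only the fd number
        pass_fds = (read_end,)
    else:
        env["PGPPASS"] = passphrase        # the secret itself is in the environment
    proc = subprocess.Popen([sys.executable, "-c", CHILD], env=env,
                            pass_fds=pass_fds, stdout=subprocess.PIPE, text=True)
    if mode == "fd":
        os.close(read_end)                 # parent keeps only the write end
        with os.fdopen(write_end, "wb") as w:
            w.write(passphrase.encode() + b"\n")
    out, _ = proc.communicate()
    length, exposed = out.split()
    return int(length), exposed == "True"


if __name__ == "__main__":
    phrase = "correct horse"               # constructed sample passphrase
    print("fd :", run_standin(phrase, "fd"))
    print("env:", run_standin(phrase, "env"))
```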

Your program, if you are using it to send these messages, may be sending out two copies of each message. Here is a diff of the last two messages you sent: 1c1 < From jpp@markv.com Tue Jul 27 05:22:35 1993 ---
From jpp@markv.com Tue Jul 27 05:22:41 1993
They are identical except for one being sent 6 seconds after the other. and here is a diff of the previous pair: 1c1 < From jpp@markv.com Tue Jul 27 05:26:11 1993 ---
From jpp@markv.com Tue Jul 27 05:26:15 1993
Same here, but four seconds after the other. -Sam