auto signing messages Re: perl from Amad3us
Anonymous
nobody at REPLAY.COM
Sat Nov 15 12:16:25 PST 1997
-----BEGIN PGP SIGNED MESSAGE-----
Antonomasia says:
> excerpt from Amad3us' script:
> > #!/usr/local/bin/perl
> > $userID="cypherpunks\@algebra.com";
> > $pgp="/usr/local/bin/pgp";
> > $tmp="/tmp/.sig$$";
> > undef($/);
> > $post = <STDIN>;
> > ($headers,@body) = split(/\n\n/,$post);$body = join("\n\n",@body);
> > open(PIPE,"|$pgp -satf +batchmode +verbose=0 -u $userID > $tmp");
>
> Real paranoiacs don't put temporary files in world-writeable directories.
>
> If a hostile user symlinks your majordomo binary (or something)
> to /tmp/.sig999 you're going to overwrite it with garbage.
Sure. But have you looked at pgp2 source code? (smirks).
(Hint, temporary files all over the place.)
Amad3us
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
iQCVAwUBNG39iPKMuKFNFivhAQEYuwP/Q5nWBocRDlwVWCppBnI6g+kryko8YGJO
PnEQU+ZeTXFtnBlhpylzaz4XX2hx5cfVUtmU+EZ6GsKdu/5ALV7JWZfpRQ7LLY0n
kY0xiCDRn5binhXXuMXAJIu6y47KyXgrFQKQWZm7sgAF0p6PCbajMwPUiJEWKpWe
TGlzJNCp7OE=
=w4G3
-----END PGP SIGNATURE-----
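
The symlink problem raised in this thread, shown from the defensive side as an added Perl example (not part of Amad3us' script or of PGP): a predictable name such as /tmp/.sig999 is refused when it already exists, and File::Temp supplies an unpredictable name opened exclusively. It assumes the scratch file is opened from Perl rather than by shell redirection; the sub names, the private directory and the file names are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example: scratch files without a predictable name in a
# world-writable directory. Not code from the original post.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempfile);

# Option 1: File::Temp picks a random name and opens it with O_EXCL and
# mode 0600, so a pre-planted entry makes the open fail instead of
# being followed.
sub scratch_via_file_temp {
    my ($dir) = @_;
    my ($fh, $path) = tempfile('sigXXXXXXXX', DIR => $dir, UNLINK => 0);
    return ($fh, $path);
}

# Option 2: keep a fixed naming scheme but refuse any existing directory
# entry. O_CREAT|O_EXCL fails on an existing name, including a symlink
# (dangling or not), so the link target is never written.
sub scratch_exclusive {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return;    # caller decides how to handle the refusal
    return $fh;
}

# Constructed demonstration inside a private directory.
my $private = File::Temp->newdir();        # removed when the script exits
my $target  = "$private/important-file";   # stands in for the link target
my $guessed = "$private/.sig999";          # predictable name, as in the thread

open(my $t, '>', $target) or die "create: $!";
print {$t} "do not clobber\n";
close($t);
symlink($target, $guessed) or die "symlink: $!";

# The exclusive open must refuse the pre-planted symlink.
my $fh = scratch_exclusive($guessed);
print defined $fh ? "opened existing name (unsafe)\n"
                  : "refused: existing entry not followed\n";

# The random-name variant succeeds and leaves the target untouched.
my ($tfh, $tpath) = scratch_via_file_temp("$private");
print {$tfh} "signed text would go here\n";
close($tfh);
print "scratch file: $tpath\n";
print "target size still ", -s $target, " bytes\n";
```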