Execution of signed scripts received by e-mail

Steffen Zahn zahn at berlin.snafu.de
Sat Jul 13 14:14:47 PDT 1996

    Matt> Get one input line at a time, and look for Reply-To: and
    Matt> From: headers to get a reply address.  As we are slurping up
    Matt> lines, watch for '-----BEGIN PGP' lines.  If it is for

I suggest ignoring Reply-To: etc and requiring a return address inside
the signed region of the mail, otherwise someone could intercept the mail
(suppressing the original) and resend it from his account and the results
would get sent to the interceptor.
 Another idea would be to extract the return address from the PGP userid
which signed the script.


work: Steffen.Zahn%robinie at emndev.siemens.co.at | home: zahn at berlin.snafu.de
      phone:+49-30-38624969                     |       phone:+49-30-4732126
Any opinions expressed herein are not necessarily those of my employer.
Use of my addresses for unsolicited commercial advertising is forbidden.

More information about the Testlist mailing list