[7395] in SIPB bug reports
exmh bug
daemon@ATHENA.MIT.EDU (Ivan D Nestlerode)
Thu Oct 14 12:36:03 1999
Message-Id: <199910141635.MAA05556@m1-142-24.mit.edu>
To: bug-sipb@MIT.EDU
Date: Thu, 14 Oct 1999 12:35:56 -0400
From: Ivan D Nestlerode <nestler@MIT.EDU>
-----BEGIN PGP SIGNED MESSAGE-----
version 2.0.2 2/24/98
SunOS m1-142-24.mit.edu 5.6 Generic_105181-13 sun4u sparc SUNW,Ultra-5_10
Tk 8.1 Tcl 8.1
1st of all, I'd like to say that overall, exmh is awesome.
I have what could be considered to be a security hole
in the PGP interface to exmh.
While editing a cleartext email that will eventually be encrypted
(and therefore safe), exmh saves a copy of my draft without
my telling it to do so. I found no way to turn off this
behavior.
The reason this is unsafe is because this copy is written to
the drafts folder in the clear. This drafts folder resides
on an AFS mount, so the draft is going over a network
completely unencrypted.
It would be good to supply a secure "comp" command that does
no saving OR allow some way in the options to turn off the
automatic saving of drafts.
Thanks,
Ivan
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBOAYGbN2L5rYDwiQBAQEZIQP+NgnM0wkMSKgrNwQuGbpdQusid6esDfCC
BrXbtJug1A/BPuWu08W+0yK9NvRBJqrqXosC/CFMWCiQmK4cOKLN3MM5n6/Qbyf9
8oiAcnJLidMLrntdr+EJJJen9WqXxd5FtMmjTIRN8coafrXSfYC6nuhwwwhp6OOH
x+ADUYuhJ20=
=aeED
-----END PGP SIGNATURE-----
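
The exposure described in this report can be checked for on a given account. The following is an added example, not part of the original report or of exmh: it resolves the MH draft location from the Path and Draft-Folder profile entries and tests whether that directory sits on a network file system. The mount-table layout (device, mount point, type as the first three fields), the list of network file system types, and the sample profile and paths are assumptions constructed for illustration.

```python
import posixpath

# Filesystem types whose file contents cross the network (assumed list).
NETWORK_FS = {"afs", "nfs", "nfs4", "cifs", "smbfs", "fuse.sshfs"}

# Constructed sample inputs, not taken from the report.
SAMPLE_PROFILE = "Path: Mail\nDraft-Folder: +drafts\n"
SAMPLE_MOUNTS = ("/dev/sda1 / ext4 rw 0 0\n"
                 "AFS /afs afs rw 0 0\n"
                 "tmpfs /tmp tmpfs rw 0 0\n")

def parse_mh_profile(text):
    """Return MH profile components as a dict with lower-cased names."""
    profile = {}
    for line in text.splitlines():
        if ":" in line and not line[0].isspace():
            name, value = line.split(":", 1)
            profile[name.strip().lower()] = value.strip()
    return profile

def draft_dir(profile, home):
    """Directory that receives drafts: Path (default "Mail", relative to
    home unless absolute) plus Draft-Folder when one is configured."""
    base = posixpath.join(home, profile.get("path", "Mail"))
    folder = profile.get("draft-folder", "").lstrip("+")
    return posixpath.normpath(posixpath.join(base, folder))

def fs_type_for(path, mounts_text):
    """File system type of the longest mount point containing path."""
    best_point, best_type = "", None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        point, fstype = fields[1], fields[2]
        prefix = point.rstrip("/") + "/"
        if (path + "/").startswith(prefix) and len(point) > len(best_point):
            best_point, best_type = point, fstype
    return best_type

def drafts_exposed(profile_text, mounts_text, home):
    """Return (draft directory, fs type, True if drafts leave the host)."""
    path = draft_dir(parse_mh_profile(profile_text), home)
    fstype = fs_type_for(path, mounts_text)
    return path, fstype, fstype in NETWORK_FS

if __name__ == "__main__":
    print(drafts_exposed(SAMPLE_PROFILE, SAMPLE_MOUNTS,
                         "/afs/example.edu/user/alice"))
```

A True result means any cleartext draft saved before encryption is written to a remote file server; pointing Path at a local directory changes the result without touching the mail client.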