[7396] in SIPB bug reports
Re: exmh bug
daemon@ATHENA.MIT.EDU (Kev)
Fri Oct 15 15:29:57 1999
Message-Id: <199910151923.PAA03127@mint-square.mit.edu>
To: Ivan D Nestlerode <nestler@MIT.EDU>
Cc: bug-sipb@MIT.EDU
In-Reply-To: Your message of "Thu, 14 Oct 1999 12:35:56 EDT."
<199910141635.MAA05556@m1-142-24.mit.edu>
Date: Fri, 15 Oct 1999 15:23:01 -0400
From: Kev <klmitch@MIT.EDU>

> I have what could be considered to be a security hole
> in the PGP interface to exmh.
>
> While editing a cleartext email that will eventually be encrypted
> (and therefore safe), exmh saves a copy of my draft without
> my telling it to do so. I found no way to turn off this
> behavior.
>
> The reason this is unsafe is because this copy is written to
> the drafts folder in the clear. This drafts folder resides
> on an AFS mount, so the draft is going over a network
> completely unencrypted.

I had noticed this problem quite some time ago and set up a work-around;
I have my .startup.{X,tty} create the directories /tmp/klmitch and
/tmp/klmitch/drafts (hmmm...no error checking, though; I should fix that),
and have a symlink ~/Mail/drafts pointing to /tmp/klmitch/drafts. Of
course, I also have a logout script that nukes the directory and
everything in it before logging me out. Feel free to poke around my dot
files to figure things out, and hope this helps...
--
Kevin L. Mitchell <klmitch@mit.edu>
------------------------- -. .---- --.. ..- -..- --------------------------
http://web.mit.edu/klmitch/www/ (PGP keys available from here)
RSA AE87D37D/1024: DE EA 1E 99 3F 2B F9 23 A0 D8 05 E0 6F BA B9 D2
DSS ED0DB34E/1024: D9BF 0E74 FDCB 43F5 C597 878F 9455 EC24 ED0D B34E
DH 2A2C31D4/2048: 1A77 4BA5 9E32 14AE 87DA 9FEC 7106 FC62 2A2C 31D4
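
The work-around described in the reply above, with the missing error checking filled in, as an added example that is not part of the original message or of anyone's actual dot files. The function names and the paths passed to them are assumptions; the login hook would call `setup_private_drafts "/tmp/$USER" "$HOME/Mail/drafts"` and the logout hook `cleanup_private_drafts "/tmp/$USER"`.

```shell
# Added example: keep exmh/MH drafts on local disk instead of AFS.
# Function names and arguments are hypothetical, not from the original post.

setup_private_drafts() {
    base=$1              # local scratch directory, e.g. /tmp/$USER
    link=$2              # drafts folder path, e.g. $HOME/Mail/drafts
    drafts=$base/drafts

    for d in "$base" "$drafts"; do
        # mkdir without -p fails if the name already exists, so a
        # directory or symlink planted in /tmp is never silently adopted.
        if ! (umask 077 && mkdir "$d") 2>/dev/null; then
            # The name exists: accept it only if it is a real directory
            # (not a symlink) owned by us, then force it back to mode 700.
            if [ -L "$d" ] || [ ! -d "$d" ] || [ ! -O "$d" ]; then
                echo "refusing to use $d: not a directory we own" >&2
                return 1
            fi
            chmod 700 "$d" || return 1
        fi
    done

    # Replace an old symlink, but never delete a real drafts folder.
    if [ -L "$link" ]; then
        rm -f "$link" || return 1
    elif [ -e "$link" ]; then
        echo "refusing to replace $link: not a symlink" >&2
        return 1
    fi
    ln -s "$drafts" "$link"
}

cleanup_private_drafts() {
    base=$1
    # Logout hook: remove the scratch tree only if it is our own directory.
    [ -L "$base" ] && return 1
    [ -d "$base" ] && [ -O "$base" ] || return 0
    rm -rf -- "$base"
}
```

Drafts stored this way still sit unencrypted on the local disk until the logout hook runs, so a crash or killed session leaves them behind in the scratch directory.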