[89287] in Cypherpunks
auto signing messages Re: perl from Amad3us
daemon@ATHENA.MIT.EDU (Antonomasia)
Sun Nov 2 11:47:21 1997
Date: Sun, 2 Nov 1997 15:41:58 GMT
From: Antonomasia <ant@notatla.demon.co.uk>
To: cypherpunks@ssz.com
Reply-To: Antonomasia <ant@notatla.demon.co.uk>

> #!/usr/local/bin/perl
> $userID="cypherpunks\@algebra.com";
> $pgp="/usr/local/bin/pgp";
> $tmp="/tmp/.sig$$";
> undef($/);
> $post = <STDIN>;
> ($headers,@body) = split(/\n\n/,$post);$body = join("\n\n",@body);
> open(PIPE,"|$pgp -satf +batchmode +verbose=0 -u $userID > $tmp");

Real paranoiacs don't put temporary files in world-writeable directories.
If a hostile user symlinks your majordomo binary (or something)
to /tmp/.sig999 you're going to overwrite it with garbage.
A single purpose directory /tmp/mdsig writeable only by the
list account 'majordom' would be my preference. (Correct owner
and mode for this directory and parents could be checked by the perl
script before it decides to write there.)
--
##############################################################
# Antonomasia ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
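
The owner-and-mode check suggested in the message above, sketched in Perl as an added example; it is not part of the original post or of the quoted script. The helper name `unsafe_reason`, the file name `sig.$$`, the use of the effective uid as the list account, and the rule that a parent such as /tmp may be world-writable only if it has the sticky bit are assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added example (not from the original post): check a private signing
# directory and its parents before writing, then create the file exclusively.
use strict;
use warnings;
use Fcntl qw(:mode O_WRONLY O_CREAT O_EXCL);
use File::Basename qw(dirname);

# Hypothetical helper. Returns undef if $dir is safe to write in, otherwise
# a reason string. $dir must be an absolute path without ".." components.
sub unsafe_reason {
    my ($dir, $uid) = @_;
    return "$dir: not an absolute path" unless $dir =~ m{^/};
    my $leaf = 1;
    for (my $p = $dir; ; $p = dirname($p)) {
        # lstat, not stat: a symlinked component must not pass as a directory
        my @st = lstat($p) or return "$p: lstat failed: $!";
        my ($mode, $owner) = @st[2, 4];
        return "$p: not a real directory" unless S_ISDIR($mode);
        if ($leaf) {
            # the directory itself: ours, and writable by nobody else
            return "$p: owner uid $owner, expected $uid" unless $owner == $uid;
            return "$p: group/world-writable" if $mode & 0022;
        } else {
            # parents: owned by root or us; others may write only if sticky
            return "$p: owner uid $owner is not root or $uid"
                unless $owner == 0 || $owner == $uid;
            return "$p: writable by others without sticky bit"
                if ($mode & 0022) && !($mode & 01000);
        }
        $leaf = 0;
        last if $p eq '/';
    }
    return;
}

my $dir = '/tmp/mdsig';    # directory proposed in the message
my $uid = $>;              # assumption: script runs as the list account
if (defined(my $why = unsafe_reason($dir, $uid))) {
    die "refusing to write: $why\n";
}

# O_EXCL fails if the name already exists, including as a symlink, so a
# planted link cannot redirect the write. PGP output would be written
# through $fh rather than through a shell "> $tmp" redirect.
my $tmp = "$dir/sig.$$";
sysopen(my $fh, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0600)
    or die "cannot create $tmp: $!\n";
close($fh) or die "close $tmp: $!\n";
unlink($tmp);              # demonstration only: remove the empty file
```

If another user creates /tmp/mdsig first, the owner check fails and the script refuses to write instead of using a directory it does not control.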