[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Pan-users] Dynamic Signatures now supported in CVS HEAD
From: |
Wolf J . Flywheel |
Subject: |
Re: [Pan-users] Dynamic Signatures now supported in CVS HEAD |
Date: |
Mon, 22 Jul 2002 21:17:48 -0400 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 22 July 2002 10:11, Charles Kerr wrote:
> By popular demand on pan-users, Pan now supports dynamic signature
> files. If the users' sig file has the executable bit set, Pan tries to
> run the file and use its output as a signature. Otherwise, Pan reads
> the file in as normal.
Ut... does anyone else see this as a possible security risk? :(
What if Pan just did it the way other mail/news agents do -- look for a
line beginning with a pipe (|) and then run the rest of the line,
substituting STDOUT for that line? I think this might help
interoperability of signature files, too -- one could use the same .sig
for Pan, Pot, Kettle... ;)
Maybe they are both equally bad... but just speaking for me, I'd never
set +x on my .signature file. :)
- --
// Carl Hudkins :: ICQ 5723399 :: PGP 50238D9E
//
// "When two hydrogen atoms love each other very much,
// they bond with an oxygen atom..." --Trance Gemini, Andromeda
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9PK68lLp/6lAjjZ4RAovxAKDeHpur5hxX6DYM3kehx7y3Ln5n7ACg2tlv
nF7bGDpjEtbHTa5BSRO+LrY=
=udLe
-----END PGP SIGNATURE-----