pan-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Pan-users] Dynamic Signatures now supported in CVS HEAD


From: Wolf J . Flywheel
Subject: Re: [Pan-users] Dynamic Signatures now supported in CVS HEAD
Date: Mon, 22 Jul 2002 21:17:48 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 22 July 2002 10:11, Charles Kerr wrote:

> By popular demand on pan-users, Pan now supports dynamic signature
> files. If the users' sig file has the executable bit set, Pan tries to
> run the file and use its output as a signature.  Otherwise, Pan reads
> the file in as normal.

        Ut... does anyone else see this as a possible security risk?  :(

        What if Pan just did it the way other mail/news agents do -- look for a 
line beginning with a pipe (|) and then run the rest of the line, 
substituting STDOUT for that line?  I think this might help 
interoperability of signature files, too -- one could use the same .sig 
for Pan, Pot, Kettle...  ;)

        Maybe they are both equally bad... but just speaking for me, I'd never 
set +x on my .signature file.  :)

- -- 
// Carl Hudkins :: ICQ 5723399 :: PGP 50238D9E
//
// "When two hydrogen atoms love each other very much,
//  they bond with an oxygen atom..."  --Trance Gemini, Andromeda
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9PK68lLp/6lAjjZ4RAovxAKDeHpur5hxX6DYM3kehx7y3Ln5n7ACg2tlv
nF7bGDpjEtbHTa5BSRO+LrY=
=udLe
-----END PGP SIGNATURE-----



reply via email to

[Prev in Thread] Current Thread [Next in Thread]