possible security hole

Werner Koch wk@gnupg.org
Tue, 5 Dec 2000 08:33:29 +0100


On Mon, 4 Dec 2000, Derek Vokey wrote:


> "echo $sensitiveinfo|gpg --homedir /my/home/dir --always-trust -ear me|mail
> to\@me.com"
I don't know PHP, but I assume that you are using something like system(3) to this job. The problem is that you might be able to trick the shell in doing evil thing by having shell code in $seinsitiveinfo. Some possible solutions: * sanitize $sensitiveinfo by removing all characters except for digits, underscore, space and letters :-) * use fork/exec to run gpg * write the data to a temp string and feed it to gpg. * use something like popen(3) and feed it with $sensitiveinfo Werner -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org