possible security hole
Werner Koch
wk@gnupg.org
Tue, 5 Dec 2000 08:33:29 +0100
On Mon, 4 Dec 2000, Derek Vokey wrote:
> "echo $sensitiveinfo|gpg --homedir /my/home/dir --always-trust -ear me|mail
> to\@me.com"
I don't know PHP, but I assume that you are using something like
system(3) to do this job. The problem is that you might be able to
trick the shell into doing evil things by having shell code in
$sensitiveinfo.
Some possible solutions:
* sanitize $sensitiveinfo by removing all characters except for
digits, underscore, space and letters :-)
* use fork/exec to run gpg
* write the data to a temp string and feed it to gpg.
* use something like popen(3) and feed it with $sensitiveinfo
Werner
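
The fork/exec suggestion above in C, as an added example that is not part of the original message: the program is executed directly with an argument vector and the data is fed through a pipe on stdin, so no shell ever parses it. The name run_filter and the sample input are assumptions made for illustration; cat stands in for gpg so the example runs without a keyring.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
/* Exec argv directly (no shell), write `in` to the child's stdin and collect
 * its stdout in out (NUL-terminated, cap >= 1). Returns the exit status or -1.
 * Assumes input smaller than the pipe buffer; larger data needs poll(). */
int run_filter(char *const argv[], const char *in, size_t len,
               char *out, size_t cap)
{
    int to[2], from[2], status;
    size_t used = 0; ssize_t n;
    if (pipe(to) < 0) return -1;
    if (pipe(from) < 0) { close(to[0]); close(to[1]); return -1; }
    signal(SIGPIPE, SIG_IGN);       /* a dead child must not kill us on write */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* child: wire up the pipes, then exec */
        signal(SIGPIPE, SIG_DFL);
        dup2(to[0], STDIN_FILENO);
        dup2(from[1], STDOUT_FILENO);
        close(to[0]); close(to[1]); close(from[0]); close(from[1]);
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    close(to[0]); close(from[1]);
    while (len > 0 && (n = write(to[1], in, len)) > 0) {
        in += n; len -= (size_t)n;
    }
    close(to[1]);                   /* EOF tells the child the data is complete */
    while (used + 1 < cap && (n = read(from[0], out + used, cap - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(from[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed input full of shell metacharacters; it is only ever data. */
    const char *info = "card 1234; echo INJECTED $(id) `id`\n";
    /* cat stands in for: gpg --homedir /my/home/dir --always-trust -ear me */
    char *argv[] = { "cat", NULL };
    char out[256];
    int rc = run_filter(argv, info, strlen(info), out, sizeof out);
    printf("exit=%d output=%s", rc, out);
    return rc;
}
```

The metacharacters come back byte for byte because nothing between the caller and the child interprets them.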