possible security hole

Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
05 Dec 2000 13:31:28 +0100

Werner Koch <wk@gnupg.org> writes:

> On Mon, 4 Dec 2000, Derek Vokey wrote:
> > "echo $sensitiveinfo|gpg --homedir /my/home/dir --always-trust -ear me|mail
> > to\@me.com"
> I don't know PHP, but I assume that you are using something like
> system(3) to this job. The problem is that you might be able to
> trick the shell in doing evil thing by having shell code in
> $seinsitiveinfo.
> Some possible solutions:
> * sanitize $sensitiveinfo by removing all characters except for
> digits, underscore, space and letters :-)
If you do this, other (non-privileged) users on the same machine are able to retrieve $sensitiveinfo by examining the environment of the shell process. -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org