decrypting input, not a file...

[Florian Weimer]

Paul Evad <pevad@kudosnet.com> writes:

>    $command="echo '$passphrase\n$code' | gpg -v --batch
> --no-secmem-warning --passphrase-fd 0 --decrypt";
>    exec($command, $encrypted, $errorcode);

On most Unix-like systems, any local user can eavesdrop the passphrase
if you run this (and similar code) because command-line arguments are
readable for all users.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5