Comments on a small script please

Steve Butler sbutler@fchn.com
Wed Feb 20 17:49:01 2002 

>From the README file I thought the shell script would capture the passphrase
and hold it until needed.  That caused me some concern until I read the
script and discovered it wasn't so! 

The main problem is whenever you have a plain text file sitting around
somebody else can grab it.  There really isn't any way around that problem
on a multi-user system.  At our shop we don't care since everybody inside
the firewall may have a legitimate need to read the plain text.  Outside the
firewall the plain text never appears until the recipient at the far end
(across town, the state or the continent) decrypts it.

Just one small nit to pick on the coding.  Your test for the number of
arguments passed can be easily broken by somebody who knows how to pass a
null argument in the 2nd position.  In the Korn shell (ksh) you can use $#
to get the actual number of parameters that Unix/Linux thinks is on the
command line.  Not sure if that will work in the sh shell -- but I think it
will.

--Steve Butler
Oracle Administrator
First Choice Health

-----Original Message-----
From: kusti@iki.fi [mailto:kusti@iki.fi]
Sent: Wednesday, February 20, 2002 6:53 AM
To: gnupg-users@gnupg.org
Subject: Comments on a small script please


Hi all,

I wrote a smallish sh-script to help me store my private
text files encrypted. The script is called "gpge" as in "gpg
edit" and is supposed to act as a simple frontend to
gpg. I'd like to use it on a multi-user unix machine, so
I'd really welcome some comments on its safety; how easily
it breaks? What should be changed?

The script is available at <http://www.iki.fi/kusti/gpge/>.

Thanks for yor time,

Kusti
-- 
Kimmo K. I. Surakka <kusti@iki.fi>
Additional information available at http://www.iki.fi/kusti/
Link of the day: http://www.stoptorture.org/

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.