Making the case for smart cards for the average user
Ben McGinnes
ben at adversary.org
Mon Apr 6 22:56:48 CEST 2015
On 7/04/2015 5:56 am, Peter Lebbing wrote:
> On 06/04/15 18:04, Ben McGinnes wrote:
>> or enclose all GPG key UIDs in quotation marks in order to mitigate
>> that (a feature request for The Bat!).
>
> I think that would be quite an exploitable bug, passing UIDs to be
> parsed by a shell... I hope they already don't do that. Is a shell
> even involved I wonder?
Well, that's the thing, The Bat! is a Windows only MUA, so it never
deals with a shell, but treating this as an issue with GPG potentially
affects the rest of us on operating systems where that matters.
> PS: Little Bobby Tables' baby brother has been born, ; rm -rf / ;. He
> already has an OpenPGP key! Please send him an encrypted birthday card
> with The Bat! ;P
Heheh. :)
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150407/ed769f1b/attachment-0001.sig>
More information about the Gnupg-users
mailing list