To: bug-Mail-GnuPG [...] rt.cpan.org
From: Jörn Reder <joern [...] zyn.de>
Subject: Patch for Mail::GnuPG 0.04
Date: Thu, 29 May 2003 13:36:01 +0200
Hiho,
first thanks for the module. It works great for me, I was able to add
the GnuPG stuff to my MUA in less than 2 hours ;)
But I found a portability and a security issue, attached you find a
small patch fixing both:
1.) Passing DIR => "/tmp" to tempfile() isn't portable, tempfile()
itself takes care of a proper temp directory.
2.) verify(): temporary files are deleted on program exit, but
should be deleted as soon as possible after processing. In case
of an encrypted and signed message, keeping the unencrypted body
file on the hard disk longer than necessary is a serious security
flaw. But even deleting the files immediately doesn't really fix
the problem. It would be better to always pipe the signed message
into gnupg, instead of using temp. files.
Regards,
Joern
--
Joern Reder
Development Head ZYN! Coding Division - http://www.zyn.de/
--- GnuPG.pm 2003-05-29 13:17:40.000000000 +0200
+++ GnuPG.pm.patched 2003-05-29 13:17:37.000000000 +0200
@@ -236,7 +236,6 @@
my ($sigfh, $sigfile)
= File::Temp::tempfile('mgsXXXXXXXX',
- DIR => "/tmp",
UNLINK => 1,
);
print $sigfh $sigtext;
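Review bot: With `DIR => "/tmp",` removed and nothing put in its place, the 'mgsXXXXXXXX' call no longer uses a temp directory at all: when tempfile() is given a template without DIR or TMPDIR, File::Temp creates the file relative to the current working directory. That fails if the cwd is not writable and otherwise drops the signature file wherever the calling program happens to be running. Replace the removed line with `TMPDIR => 1,` (or `DIR => File::Spec->tmpdir,`), which keeps the portability gain and still lands in the system temp directory.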
@@ -244,7 +243,6 @@
my ($datafh, $datafile) =
File::Temp::tempfile('mgdXXXXXX',
- DIR => "/tmp",
UNLINK => 1,
);
# Read the (unencoded) body data:
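Review bot: The 'mgdXXXXXX' call loses its directory in the same way, and it matters more here because this file receives the unencoded body: with a template and no `TMPDIR => 1`, the body is written into the process's current directory, which may be shared or backed up. Add `TMPDIR => 1,` where `DIR => "/tmp",` was removed. Minor style point: this template has six X's while the signature template has eight; using the same length in both would be tidier.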
@@ -264,6 +262,8 @@
close $error;
close $input;
+ unlink $sigfile, $datafile;
+
waitpid $pid, 0;
my $exit_value = $? >> 8;
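Review bot: `unlink $sigfile, $datafile;` runs before `waitpid $pid, 0;`, so the files are removed before the gpg child has been reaped; moving the unlink to directly after the waitpid guarantees the child is finished with them and adds no meaningful exposure time. The return value is also unchecked: unlink returns the number of files removed, so anything other than 2 deserves at least a warning, since a silent failure leaves the body on disk until UNLINK => 1 fires at program exit.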