[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#170069: ITP: grunt -- Secure remote execution via UUCP or e-mail using GPG

On Thu, Nov 21, 2002 at 04:12:42PM -0600, John Goerzen wrote:
> After verifying the signature on the data, the receiver does some sanity
> checks.  One of the checks is doing an md5sum over the entire file
> (remember, this includes both the headers and the payload).  If it
> has seen the same md5sum in the last 60 days, it rejects the request.  If
> the date of the request was more than 30 days ago, it rejects the request.

30 days seems like an awfully long time...

I would have though rejecting any requests, say an hour old would
be better...

So, if you did issue an halt command, the worst an attacker could do
would be to delay execution by one hour, not 30 days.
Brian May <bam@debian.org>

Reply to: