[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#170069: ITP: grunt -- Secure remote execution via UUCP or e-mail using GPG



On Fri, Nov 22, 2002 at 12:55:07AM +0100, Josselin Mouette wrote:
> message from being sent, and keep it for another day. Seeing your
> computer doesn't halt, you resend the message, and the attacker has 30
> days to use what he has stolen.

So you set the window to 2 days, or 15 minutes, or whatever.

But really, 'halt' is not really the kind of command this is designed to
run.  And couldn't, unless you either used sudo or did something nasty to
make it run as root.

It's more designed to do things like "take this 650MB ISO and go burn it
whenever" or "run this batch processing command".

> A secure way to handle this would be a challenge/response
> authentification, or a system similar to SSH's one-time passwords.

How can you respond if you are communicating asynchronously?



Reply to: