[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#170069: ITP: grunt -- Secure remote execution via UUCP or e-mail using GPG



John Goerzen wrote:
> Grunt doesn't preserve any notion of a session

It doesn't need to: the unix filesystem already does. I said that was a
contrived example, but I'm sure you will find some real ones eventually.

Slightly less contrived:

1. notice that oops, the cd burning script will do something evil if
   passed a certian type of iso.
2. send in a fixed script
3. run it

You really don't want step 2 to be intercepted here either.

-- 
see shy jo

Attachment: pgpYvZVNjlGrz.pgp
Description: PGP signature


Reply to: