On Thu, 14 Jun 2018 08:11, patr...@enigmail.net said: > However, the problem behind is that without --log-file, you get a > mixture of human-readable and machine-parseable output on stderr. You
Only if you use the same file descriptor for --status-fd as you do for --logger-fd or use a filename reflecting the same file descriptor in --log-file. Note that --log-file defaults to stderr (2) but --status-fd has no default. Mozilla seems to allow only for the 3 standard file descriptors and that is the main cause of the bug. > I therefore recommend you change --log-file XXX to --log-file /dev/null. > This should be OK for Enigmail and equally prevent from such attacks. Another option for non-fixed gpg versions is to use --no-verbose. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpTnIU3SQiyK.pgp
Description: PGP signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
