On Fri, Oct 20, 2000 at 01:51:13PM +0200, Daniel Kollar wrote:
> In the PGP CmdLineGuide you will find a section about this.
> There you can read that using this feature is safe when you use in in
> a environment where no one else has access to it.
>
> I'm doing that. The environment is only active as long as mutt is
> open. No one from outside can access it.
> The wrapper script asks me for entering the passphrase and starts mutt
> immedeately after this. So, it is safe.
> The only thing a would agree is that someone can change the wrapper
> script to send the passphrase via email to outside...
what about people accessing mutt's enviroment through the proc filesystem?
or via strace? "an enviroment where no one else has access to it" ususally
means a standalone computer, or one where you are the ONLY user (including
root)... if it's a multi user machine, your env isn't safe.
--
Dan Boger
System Administrator
[EMAIL PROTECTED]
PGP signature
