Re: FEATURE-REQUEST: mutt looks for PGPPASS environment variable
On Fri, Oct 20, 2000 at 02:14:09PM +0200, Thomas Roessler wrote: Did you try to change the content-type of these octet-streams to application/pgp? With the more recent mutt versions, you can comfortably do this from within mutt. Really? I'm using mutt 1.2i . What version do I need to do this and where do I find information on this? Regards, Daniel.
Re: FEATURE-REQUEST: mutt looks for PGPPASS environment variable
Daniel Kollar [EMAIL PROTECTED] wrote on Mon, 23 Oct 2000: Did you try to change the content-type of these octet-streams to application/pgp? With the more recent mutt versions, you can comfortably do this from within mutt. Really? I'm using mutt 1.2i . What version do I need to do this and where do I find information on this? I think 1.2 is sufficient. Try ^E (edit-type) from either the index, pager or the attachements display view. The change will only last while you're in that folder, it won't get saved into the message (I think). Ooops, I just noticed that this function isn't listed in the manual, time to create a documentation patch again... It is listed in the help screens, though. Regards, Mikko -- // Mikko Hänninen, aka. Wizzu // [EMAIL PROTECTED] // http://www.iki.fi/wiz/ // The Corrs list maintainer // net.freak // DALnet IRC operator / // Interests: roleplaying, Linux, the Net, fantasy scifi, the Corrs / Did you know that the word "gullible" is not in the dictionary?
Re: FEATURE-REQUEST: mutt looks for PGPPASS environment variable
On Mon, Oct 23, 2000 at 10:25:02AM +0200, Daniel Kollar wrote: On Fri, Oct 20, 2000 at 02:14:09PM +0200, Thomas Roessler wrote: Did you try to change the content-type of these octet-streams to application/pgp? With the more recent mutt versions, you can comfortably do this from within mutt. Really? I'm using mutt 1.2i . What version do I need to do this and where do I find information on this? I'm using 1.2i - from the attachments help page: ^E edit-type edit attachment content type Best, Petr
FEATURE-REQUEST: mutt looks for PGPPASS environment variable
Hello mutt-developers, here is a feature request for future versions of mutt: Mutt looks for the PGPPASS environment variable. If this is set, then no passphrase is needed to be send to pgp program, because pgp looks for the PGPPASS variable by itself. Mutt will also not ask the user for the passphrase. This should be easy to implement. The user would then have the option to set the passphrase via a wrapper-script permanently. For example: muttwrap --- #!/usr/bin/sh set $passparam=$* if ( ps -U $LOGNAME | grep mutt | grep -v muttwrap /dev/null ) then echo "WARNING: You are already running Mutt." echo " Starting Mutt in readonly mode." echo echo "Please enter passphrase: " stty -echo read pgppassphrase PGPPASS=$pgppassphrase; export PGPPASS stty echo $PATHTOMUTT/mutt -R $* else echo "Please enter passphrase: " stty -echo read pgppassphrase PGPPASS=$pgppassphrase; export PGPPASS stty echo $PATHTOMUTT/mutt $passparam fi -- Thank you very much! Regards, Daniel.
Re: FEATURE-REQUEST: mutt looks for PGPPASS environment variable
Don't do that. Storing the pgp pass phrase in an environment variable may have been a valid option on MS-DOS computers. It isn't on Unix machines, since the environment is not guaranteed to be confidential. Also, what's the point in using a shell script like the one below? - There is no reason to avoid running two mutts on the same mailbox. Mutt _does_ know how to graciously deal with concurrent access to mail folders. - There is no point in asking for the pass phrase in a shell script, and then storing it in $PGPPASS. Mutt will ask for the pass phrase the first time it's needed, and remember it for the coming $pgp_timeout seconds. The default is 300 seconds; you can easily change that from your .muttrc. Note that the mechanism mutt uses to pass the pass phrase to pgp _is_ safe against eavesdropping by other users on the same system. On 2000-10-20 10:21:20 +0200, Daniel Kollar wrote: Date: Fri, 20 Oct 2000 10:21:20 +0200 From: Daniel Kollar [EMAIL PROTECTED] To: Mutt User List [EMAIL PROTECTED] Subject: FEATURE-REQUEST: mutt looks for PGPPASS environment variable Mail-Followup-To: Mutt User List [EMAIL PROTECTED] User-Agent: Mutt/1.2i Hello mutt-developers, here is a feature request for future versions of mutt: Mutt looks for the PGPPASS environment variable. If this is set, then no passphrase is needed to be send to pgp program, because pgp looks for the PGPPASS variable by itself. Mutt will also not ask the user for the passphrase. This should be easy to implement. The user would then have the option to set the passphrase via a wrapper-script permanently. For example: muttwrap --- #!/usr/bin/sh set $passparam=$* if ( ps -U $LOGNAME | grep mutt | grep -v muttwrap /dev/null ) then echo "WARNING: You are already running Mutt." echo " Starting Mutt in readonly mode." echo echo "Please enter passphrase: " stty -echo read pgppassphrase PGPPASS=$pgppassphrase; export PGPPASS stty echo $PATHTOMUTT/mutt -R $* else echo "Please enter passphrase: " stty -echo read pgppassphrase PGPPASS=$pgppassphrase; export PGPPASS stty echo $PATHTOMUTT/mutt $passparam fi -- Thank you very much! Regards, Daniel. -- Thomas Roessler [EMAIL PROTECTED]
Re: FEATURE-REQUEST: mutt looks for PGPPASS environment variable
Don't do that. Storing the pgp pass phrase in an environment variable may have been a valid option on MS-DOS computers. It isn't on Unix machines, since the environment is not guaranteed to be confidential. I'm working on unix. In the PGP CmdLineGuide you will find a section about this. There you can read that using this feature is safe when you use in in a environment where no one else has access to it. I'm doing that. The environment is only active as long as mutt is open. No one from outside can access it. The wrapper script asks me for entering the passphrase and starts mutt immedeately after this. So, it is safe. The only thing a would agree is that someone can change the wrapper script to send the passphrase via email to outside... Also, what's the point in using a shell script like the one below? - There is no reason to avoid running two mutts on the same mailbox. Mutt _does_ know how to graciously deal with concurrent access to mail folders. - There is no point in asking for the pass phrase in a shell script, and then storing it in $PGPPASS. Mutt will ask for the pass phrase the first time it's needed, and remember it for the coming $pgp_timeout seconds. The default is 300 seconds; you can easily change that from your .muttrc. Maybe you have read my previous email regarding the mutt_octet-filter which can decrypt pgp encrypted octet-streams. The PGPPASS environment variable is the easiest way to remember the passphrase. But now I have to enter the passphrase two times. One for my octet-filter and one for mutt. What solution to you see? Daniel.
Re: FEATURE-REQUEST: mutt looks for PGPPASS environment variable
On Fri, Oct 20, 2000 at 01:51:13PM +0200, Daniel Kollar wrote: In the PGP CmdLineGuide you will find a section about this. There you can read that using this feature is safe when you use in in a environment where no one else has access to it. I'm doing that. The environment is only active as long as mutt is open. No one from outside can access it. The wrapper script asks me for entering the passphrase and starts mutt immedeately after this. So, it is safe. The only thing a would agree is that someone can change the wrapper script to send the passphrase via email to outside... what about people accessing mutt's enviroment through the proc filesystem? or via strace? "an enviroment where no one else has access to it" ususally means a standalone computer, or one where you are the ONLY user (including root)... if it's a multi user machine, your env isn't safe. -- Dan Boger System Administrator [EMAIL PROTECTED] PGP signature
Re: FEATURE-REQUEST: mutt looks for PGPPASS environment variable
On 2000-10-20 13:51:13 +0200, Daniel Kollar wrote: I'm doing that. The environment is only active as long as mutt is open. No one from outside can access it. That's your particular environment. However, mutt is designed in a way which makes it suitable for use on real multi-user systems. You'll understand that we won't encourage practices which are extremely unsafe on such systems - users will get used to these pratices, and run into traps on real multi-user systems. The only thing a would agree is that someone can change the wrapper script to send the passphrase via email to outside... If someone can let you execute Trojan programs or scripts, you have a problem anyways. Maybe you have read my previous email regarding the mutt_octet-filter which can decrypt pgp encrypted octet-streams. The PGPPASS environment variable is the easiest way to remember the passphrase. Did you try to change the content-type of these octet-streams to application/pgp? With the more recent mutt versions, you can comfortably do this from within mutt. -- Thomas Roessler [EMAIL PROTECTED]
Re: FEATURE-REQUEST: mutt looks for PGPPASS environment variable
From a bash prompt, try running: COLUMNS= ps ae | grep mutt and see if you don't change your mind about using PGPPASS. -- Bob Bell [EMAIL PROTECTED] - "Just don't create a file called -rf. :-)" -- Larry Wall, creator of the Perl programming language