tag 600304 +security severity 600304 critical thanks Upon looking deeper, it seems that this is a problem which is actually exploitable by the user. If a user creates a .monkeysphere/authorized_user_ids file containing a specially crafted line, they can cause arbitrary commands to be executed when monkeysphere-authentication keys-for-user is run.
pgpJEIHZTk6BR.pgp
Description: PGP signature
