On 14.06.18 00:39, Micah Lee wrote:
[...]
> So my question is, is it safe for split GPG to simply ignore the
> --log-file argument altogether? Or does Enigmail try to do something
> with that log file later on, and things will break if it's not there?


From what we know *currently* it seems OK to drop the --log-file argument.

However, the problem behind this is that without --log-file, you get a
mixture of human-readable and machine-parseable output on stderr. You
cannot be sure that there is no other way to trick gpg into printing
human-readable output that looks like machine-parseable output, and thus
make Enigmail think the message is signed/encrypted, whatever.

I therefore recommend you change --log-file XXX to --log-file /dev/null.
This should be OK for Enigmail and equally prevent such attacks.

-Patrick
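
The rewrite recommended above, sketched as an added example (not code from Enigmail, split GPG, or either author): a wrapper-side filter that replaces whatever --log-file value the caller passed with /dev/null. The function name `pin_log_file` and the sample argument lists are hypothetical; as an extension of the advice, it also adds the option when the caller omitted it, and it assumes the option is spelled out in full.

```python
LOG_OPT = "--log-file"
SINK = "/dev/null"


def pin_log_file(argv):
    """Return a copy of gpg's argument list with --log-file forced to /dev/null.

    argv excludes the program name. Assumption: the caller writes the option
    in full, either as two tokens or as --log-file=PATH.
    """
    out = []
    seen = False
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg == "--":
            # End of options: what follows are file names, copied verbatim.
            break
        if arg == LOG_OPT:
            # Two-token form: discard the caller's path along with the option.
            if i + 1 >= len(argv):
                raise ValueError("--log-file given without a value")
            out += [LOG_OPT, SINK]
            seen = True
            i += 2
            continue
        if arg.startswith(LOG_OPT + "="):
            # Single-token form: --log-file=PATH
            out += [LOG_OPT, SINK]
            seen = True
            i += 1
            continue
        out.append(arg)
        i += 1
    rest = argv[i:]
    if not seen:
        # Keep human-readable log text away from the stream the caller
        # parses even when no log file was requested at all.
        out = [LOG_OPT, SINK] + out
    return out + rest


if __name__ == "__main__":
    # Constructed sample request, not taken from a real Enigmail session.
    sample = ["--status-fd", "2", "--log-file", "/tmp/enig.log", "--verify", "msg.sig"]
    print(pin_log_file(sample))
```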


_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net