On Tue, Jun 21, 2005 at 10:16:01AM +1000, Robert Thorsby wrote: > My solution to this is to have procmail send all emails with the > subject line "I Only Fish for Herring on Wednesdays" to my inbox which > is periodically scrutinized by a cron bash script. If the body of the > message is "WAWWO o6Hea 1SqG4 NHfJI FCU0s NxJeW" (the one-time message > changes daily) then bash does its duty. > > Probably not secure but it gives me a warm and fuzzy feeling.
For security, you can GPG-sign command messages, and then the script can just verify the signature before executing anything. If your scripts can stand being run extra times, that's all you need to do, otherwise you need to guard against replay attacks, by (for instance) including a unique value at the top of the message, and having the executor remember past unique values and not executing anything if it's seen it's unique value before. You could also do date-based verification, if you're pretty sure your signing machine is going to have an accurate date relative to the executor machine, and that the messages will reach their destination in a reasonable amount of time. - Matt
signature.asc
Description: Digital signature
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html