Please note: this script is *not* supported by the debian maintainer.
Any bug report regarding it of the "S" macro will be summarily closed.
		-- Marco d'Itri


From: Henrique M Holschuh <hmh+debianbug@rcm.org.br>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#66226: [WORKAROUND] Mutt's filter command is very unsafe, especially for PGP/GPG macros
Reply-To: Henrique M Holschuh <hmh+debianbug@rcm.org.br>,
	66226@bugs.debian.org
Date: Sun, 25 Jun 2000 08:25:34 -0300

Package: mutt
Version: 1.2-1.0.compressedfolders
Severity: wishlist

Please add the attached utility to the Debian packaging of Mutt (maybe as a
contrib script?)

Debian defines a compose S macro for non-PGP/MIME clearsigning messages
using gpg in the default /etc/Muttrc. You might want to consider using this
script as in:

macro compose S "Fsafefilter gpg --sign --armor --textmode \
  --clearsign\ny^T^Uapplication/pgp; format=text; x-action=sign\n" \
  'clearsign the message'

The standard macro will throw away the message body if gpg fails for any
reason(!), which is NOT acceptable behaviour IMHO.

The utility depends on debianutils>=1.6, and if wipe is used, it also
depends in wipe. This is properly documented in the file.

I'm not very good at shell scripting, so you might want to have a look at
the file first. It works for me so far :-)

-- System Information
Debian Release: 2.2
Architecture: i386
Kernel: Linux godzillah.rivendell.sol 2.2.17pre6 #1 Fri Jun 23 11:12:44 BRT 2000 i586

Versions of packages mutt depends on:
ii  libc6            2.1.3-10                GNU C Library: Shared libraries an
ii  libncurses5      5.0-6                   Shared libraries for terminal hand
ii  postfix [mail-tr 0.0.20000531.SNAPSHOT-1 A high-performance mail transport 

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


#!/bin/bash
#
#  Mutt helper script for the Filter command
#  Initial version by Henrique M. Holschuh
#
#  Released to the public domain. Please document your changes under
#  your name.
#
#  Runs a filter program, but makes sure to return in stdout the
#  unfiltered output if the filter program fails. You might want to use
#  this filter when piping data to gpg, for example.
#
#  tempfile can be found in v1.6 or newer of Debian's debianutils package
#  you might also try using mktemp instead (available on BSDs as well).
#  wipe can be found in Debian's wipe package
#
#  Usage: $0 [filterprog [parameters...]]
#

# Choose your level of paranoia. Useful if you're going to encript data
#RMCOMMAND="/bin/rm -f"
RMCOMMAND="/usr/bin/wipe -f -s -F"

# Program to create a *safe*, unique temporary file. You'd better not do
# something highly stupid such as pointing it to a NFS mounted volume if
# you're already using wipe above.
TMPFILECOMMAND="/bin/tempfile -d /tmp"

# Trap our exit to a safe one
set -e
trap "RESULT=$? ; cat - ; exit $RESULT" EXIT

# Exit safely if filterprog was not specified
[[ $# -eq 0 ]] && exit

# Create a temporary copy of our stdin and change exit trap to use it
TEMPFILE=`${TMPFILECOMMAND}`
cat - >${TEMPFILE}
trap "RESULT=$? ; ( cat ${TEMPFILE} ; ${RMCOMMAND} ${TEMPFILE} >/dev/null 2>&1 ; exit ${RESULT} )" EXIT

# Run the filterprog using the saved stdin contents
cat ${TEMPFILE} | "$@"

# clean up
RESULT=$?
trap - EXIT
set +e
${RMCOMMAND} ${TEMPFILE} >/dev/null 2>&1
exit ${RESULT}

