search

klml / msgsplit

message split allowes you to send messages (passwords etc.) to another person without having the message decrypted on the server or in the email.
MIT License
3 stars 1 forks source link

prevent exploiting common env #1

Open klml opened 5 years ago

klml commented 5 years ago

os.environ[ postparam['key'] ] passes not only "secret" envs, but also normal envs (e.g. SSH_AGENT_PID=) to an attacker.

possible solutions