Index: PATCH/README.ME+
*** ./elm2.4.ME+.15/README.ME+	Wed Apr  3 15:08:29 1996
--- PATCH/README.ME+	Sun Apr 28 08:17:19 1996
***************
*** 11,16 ****
--- 11,23 ----
  Version Elm2.4 PL24 ME8b is based to version Elm2.4 PL24.
  Version Elm2.4ME+ PLx (25) includes patch of version Elm2.4 PL25.
  
+ Changes of Elm2.4ME+ PL15s (25) to  Elm2.4ME+ PL15 (25)
+ ------------------------------------------------------
+ 
+ 	- SECURITY: Elm was running PGP as setgid mail (by using popen)
+ 	  when searching matching keys -- converting to use 
+ 		pipe - fork - setgid (groupid) - execl
+ 
  Changes of Elm2.4ME+ PL15 (25) to  Elm2.4ME+ PL14 (25)
  ------------------------------------------------------
  
Index: PATCH/hdrs/patchlevel.h
*** ./elm2.4.ME+.15/hdrs/patchlevel.h	Wed Apr  3 15:08:30 1996
--- PATCH/hdrs/patchlevel.h	Sun Apr 28 08:14:19 1996
***************
*** 1 ****
! #define PATCHLEVEL "15 (25)"
--- 1 ----
! #define PATCHLEVEL "15s (25)"
Index: PATCH/src/pgp.c
*** ./elm2.4.ME+.15/src/pgp.c	Wed Apr  3 15:08:35 1996
--- PATCH/src/pgp.c	Sun Apr 28 08:13:41 1996
***************
*** 124,134 ****
       address, or real name, or finally the username exist */
  
    for (;;) {
      while (*c && isspace (*c)) c++; /* move past any leading space! */
!     sprintf(buf, "%s +verbose=0 -kv '%s'", PGP_PATH, c);
!     p = popen(buf, "r");
!     if (!p)
!       return(-1);
      while (fgets(buf, STRING, p) != NULL) {
        /* see if we've reached the beginning of the key listings... */
        if (!start && strncmp(buf, "pub", 3)==0)
--- 124,165 ----
       address, or real name, or finally the username exist */
  
    for (;;) {
+     int fd[2];
+ 
+     if (pipe (fd) == -1) {
+       dprint (1, (debugfile, "GetPGPKey(): ERROR: pipe (errno %d)\n", errno));
+       return -1;
+     }
+ 
      while (*c && isspace (*c)) c++; /* move past any leading space! */
! 
!     if (fork () == 0) {
!       int tmp;
!       
!       setgid(groupid);
!       setuid(userid);
! 
!       close (fd[0]);
!       close (1);
!       dup (fd[1]);
!       close (fd[1]);
! 
!       execl(PGP_PATH, 
! 	    PGP_PATH,"+verbose=0", "-kv", c, (char *)0);
! 
!       tmp = errno;
!       perror(PGP_PATH);
!       _exit(tmp);
!     }
! 
!     close (fd[1]);
!     p = fdopen (fd[0], "r");
!     if (p == NULL) {
!       dprint (1, (debugfile, 
! 		  "GetPGPKey(): ERROR: fdopen (errno %d)\n", errno));
!       return -1;
!     }
! 
      while (fgets(buf, STRING, p) != NULL) {
        /* see if we've reached the beginning of the key listings... */
        if (!start && strncmp(buf, "pub", 3)==0)