but then if the shell implementation uses tmpfiles for heredoc, and doesn't do the equivalent of rm -P, you have another leak you thought was taken care of
conclusion: shell is not good for this. even if it keeps heredocs in memory you have no idea if it zeros it out afterwards

On Thu, Dec 5, 2013 at 6:57 PM, Andres Perera <[email protected]> wrote:
> On Thu, Dec 5, 2013 at 8:57 AM, Christian Weisgerber <[email protected]>
> wrote:
>> Zé Loff <[email protected]> wrote:
>>
>>> Not sure how advisable this is, but I'm using a gpg encrypted file,
>>> which I keep somewhere hidden (just because). Just put them in file
>>> foo and do 'gpg -e foo' (assuming you've already setup gpg). When you
>>> need to look something up just do 'gpg -d foo' and the file gets
>>> decrypted to stdout.
>>
>> *takes a deep breath*
>>
>> ~/bin/pwsafe
>> --------------->
>> #!/bin/sh
>>
>> SAFE=$HOME/.pwsafe
>> TMPFILE=`mktemp /tmp/pwsafeXXXXXXXXXX` || exit 1
>>
>> trap 'rm -P "$TMPFILE"' 0 1 2 15
>>
>> STTY=`stty -g`
>> echo -n "Password: "
>> stty -echo
>> read PASSWORD
>> stty "$STTY"
>>
>> set -e
>> echo -n "$PASSWORD" | openssl aes-256-cbc -d -in "$SAFE" -out "$TMPFILE" -pass stdin
>
> this is tricky. some people will read and say ok i'll switch echo for
> printf and get on w/my life
>
> printf not being a builtin, will show up in ps(1), and so will $PASSWORD
>
> not apparent from the simple syntax used that such a change could end
> up leaking important things
>
> it's better to use heredoc:
>
> openssl aes-256-cbc -d -in "$SAFE" -out "$TMPFILE" -pass stdin <<!
> $PASSWORD
> !
>
>> ${EDITOR-${VISUAL-vi}} "$TMPFILE"
>> echo -n "$PASSWORD" | openssl aes-256-cbc -in "$TMPFILE" -out "$SAFE" -pass stdin
>> <---------------
>>
>> --
>> Christian "naddy" Weisgerber [email protected]
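As an added example, not code from this thread or from any of its participants, here is a POSIX sh check for the builtin-versus-external printf point raised above: it reports how the running shell resolves a command name, and uses that answer to hand a secret to a command on stdin without ever placing it in a child process's argv (where ps(1) would show it). The function names how_resolved and feed_secret and the sample secret are my own.

```shell
#!/bin/sh
# Added example, not code from the thread. Reports whether a command name
# resolves inside the shell (builtin or function: no separate process, so
# its arguments never appear in ps(1)) or to an external program (its
# arguments are visible to anyone who can run ps or read /proc).
how_resolved() {
    # POSIX `command -v` prints an absolute path for an external utility
    # and the bare name for builtins, functions and reserved words.
    resolved=$(command -v "$1" 2>/dev/null) || { echo missing; return 1; }
    case $resolved in
        /*) echo external ;;
        *)  echo builtin ;;
    esac
}

# Deliver a secret on the stdin of a command without placing it in that
# command's argv. With a builtin printf the shell writes the pipe itself;
# if printf would fork an external process, fall back to a here-document,
# which the shell expands. Caveats from the thread still apply: a here-
# document may be backed by a temp file, and this form appends a newline.
feed_secret() {
    secret=$1
    shift
    if [ "$(how_resolved printf)" = builtin ]; then
        printf '%s' "$secret" | "$@"
    else
        "$@" <<EOF
$secret
EOF
    fi
}

# Usage sketch with a harmless reader and a constructed secret:
#   how_resolved printf      # builtin in dash/bash/ksh
#   how_resolved openssl     # external
#   feed_secret 'correct horse battery staple' cat
```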

