On Mon, 2 Jul 2012 19:41:22 +0100, Ambrevar wrote: > Thanks for the quick update. > > > > Besides, there is sadly no '--password' parameter available. This > > > is useful for using msmtp from an external program such as mutt, > > > while not saving the password in any clear file. So I added > > > support for the '--password' parameter. Quite simple in fact, > > > and seems to work pretty well. > > > > The problem with this option is that it shows up in process lists > > (via the ps utility, in /proc, and via several system calls), so it > > would be unsafe to use. I did not push this part of your patch. > > Isn't it possible to see the result of the command passed to > passwordeval anyway? The command result is retrieved from a pipe -- > popen in get_password_eval(...) function -- so I guess it is > possible to get the content of the pipe, which is the clear > password... Perhaps I'm wrong here, tell me.
As far as I know, there is no way for other programs to see the contents of the pipe. It does not have a name in the file system; it is just a buffer. > > With --passwordeval, it should be possible to use secure password > > storage (keyring or encrypted files or something else) and still > > give the password on the command line. > > The problem here is that gpg will fail when called from mutt. Gpg with Mutt will fail when gpg asks for the decryption password, because Mutt restricts terminal input/output. But when you use gpg-agent, gpg will query the agent instead, and that should work. If you use a GUI, you will get a GUI password prompt from gpg-agent, independent of the terminal Mutt uses. Without a GUI, you can probably give the agent the password before running Mutt. The agent will remember the password for a configurable time so you only have to enter it once. Regards, Martin ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ msmtp-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/msmtp-users
