On Thu, Feb 09, 2017 at 12:47:16AM -0500, Selva Nair wrote:
> Hi,
>
> On Thu, Feb 9, 2017 at 12:10 AM, Antonio Quartulli <a...@unstable.cc> wrote:
>
> > > I would consider username as not sensitive material although not sure
> > > everyone would agree. Unfortunately there is no way to know in advance that
> > > auth-token may get pushed so I can't think of a good way of avoiding this.
> > > A not so secure approach (I considered this first) would be to delay
> > > clearing the username/password to post pushed-options processing, but then
> > > one has to handle cases like what if the push reply never arrives and so
> > > on.. In general it's always better to clear sensitive data at the earliest.
> > >
> > > The way out would be to do one more purge_user_pass(.., false) after push
> > > processing.. sigh.. will go there only if absolutely necessary.
> >
> > Yesterday, while discussing the same issue on IRC, I came up with this
> > patch:
> >
> > http://bpaste.net/show/153e8d51c02d
> >
> > It does indeed wait for the push-reply to come back before making a decision
> > about wiping the user_pass object or not.
> > This way also the user is wiped when nocache remains true.
>
> Very interesting! I know, all that complexity can't be helped when purged
> from push.c. That apart, imo, delaying purge_user_pass() until push
> processing is not a good idea as I wrote above. What if push reply does not
> arrive? It does happen and then the password will never get securely wiped
> from memory.
Yeah, good point. I thought that openvpn would just exit/fail if no push reply is provided, that is why I did not consider this case.

Then, the purge could be hooked at a later stage, i.e. when the interface has been set up.

Postponing the purge still sounds less hackish to me, but I am not the one deciding :)

Cheers,

-- 
Antonio Quartulli
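The trade-off both messages circle around (wipe early and lose the username a pushed auth-token needs for reconnects, or wait for the push reply and risk never wiping if it does not arrive) can be modelled in a few lines. The following is an added example, not code from the thread or from OpenVPN: `struct user_pass`, `purge_user_pass`, `on_push_reply`, `on_push_timeout` and `scenario` are hypothetical names and semantics, and the credentials and token values are constructed samples.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model (not OpenVPN's code) of the lifetime question in the
 * thread: keep credentials until the push reply says whether an auth-token
 * replaces the password, but never let a missing reply leave it in memory. */
struct user_pass { bool nocache; char username[64]; char password[64]; };

/* Zero through a volatile pointer so the stores cannot be optimised away. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *v = p; while (n--) { *v++ = 0; }
}

/* Password is always cleared; username only when forced or nocache is set. */
static void purge_user_pass(struct user_pass *up, bool force)
{
    secure_zero(up->password, sizeof up->password);
    if (force || up->nocache) { secure_zero(up->username, sizeof up->username); }
}

/* Push reply processed: a pushed token replaces the password and the
 * username must survive for reconnects; with no token, purge as usual. */
static void on_push_reply(struct user_pass *up, const char *auth_token)
{
    if (!auth_token) { purge_user_pass(up, false); return; }
    secure_zero(up->password, sizeof up->password);
    strncpy(up->password, auth_token, sizeof up->password - 1);
}

/* Deadline fallback for the case Selva raised: the reply never came. */
static void on_push_timeout(struct user_pass *up) { purge_user_pass(up, true); }

static bool is_zeroed(const char *buf, size_t n)
{ while (n--) { if (buf[n]) { return false; } } return true; }

/* Run one scenario on constructed credentials; returns a status word:
 * bit 0 password cleared, bit 1 username cleared, bit 2 password == token. */
static int scenario(bool nocache, bool reply_arrived, const char *token)
{
    struct user_pass up = { .nocache = nocache };
    strcpy(up.username, "alice");   /* constructed sample credentials */
    strcpy(up.password, "hunter2");
    if (reply_arrived) { on_push_reply(&up, token); } else { on_push_timeout(&up); }
    int st = is_zeroed(up.password, sizeof up.password) ? 1 : 0;
    if (is_zeroed(up.username, sizeof up.username)) { st |= 2; }
    if (token && strcmp(up.password, token) == 0) { st |= 4; }
    return st;
}
```

The timeout path is what makes the delayed purge acceptable: without it, a connection that never receives a push reply keeps the plaintext password resident indefinitely.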
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel