Re: correct way to clear sensitive data from env?
On 24-10-2015 09:07, Stuart Henderson wrote:
> I don't understand why openvpn doesn't just allow passing the
> username/password on a file descriptor to the authentication command.
> That would avoid the permission problems with via-file and the unsafe
> nature of via-env.

I don't understand it either. From my point of view, the OpenVPN project has slowed down a lot in the past few years. Coincidentally, its commercial solution didn't.

> so did Tamas, it's in ports.

Good to know. I don't think my code still compiles against newer OpenVPN versions.

Cheers,
Giancarlo Razzolini
Re: correct way to clear sensitive data from env?
On 2015-10-23, Giancarlo Razzolini wrote:
> On 23-10-2015 12:14, Tamas TEVESZ wrote:
>> case in point: openvpn passing username/password in the environment to
>> openvpn_bsdauth.
>>
>> so there's actually a bit of a sensitive data in env that current
>> wisdom rightly tends to want to junk as soon as possible.

I don't understand why openvpn doesn't just allow passing the username/password on a file descriptor to the authentication command. That would avoid the permission problems with via-file and the unsafe nature of via-env.

I don't think there's anything you can do inside openvpn_bsdauth to prevent it from being seen with ps -e (but you do need root for that).

> I wrote many years ago an openvpn plugin that would use getpwnam instead
> of that PAM crap. I believe it's still around on sourceforge.

so did Tamas, it's in ports.
Re: correct way to clear sensitive data from env?
On 23-10-2015 12:14, Tamas TEVESZ wrote:
> case in point: openvpn passing username/password in the environment to
> openvpn_bsdauth.
>
> so there's actually a bit of a sensitive data in env that current
> wisdom rightly tends to want to junk as soon as possible.

I wrote many years ago an openvpn plugin that would use getpwnam instead of that PAM crap. I believe it's still around on sourceforge. openvpn-auth-passwd if I recall correctly. I developed it specifically because it would work on OpenBSD and also on any platform that works with getpwnam.

I can look it up if you want, but I don't even know if it compiles with recent OpenVPN code.

Cheers,
Giancarlo Razzolini
correct way to clear sensitive data from env?
hi,

case in point: openvpn passing username/password in the environment to openvpn_bsdauth.

so there's actually a bit of a sensitive data in env that current wisdom rightly tends to want to junk as soon as possible.

getenv(3) states, "If getenv() is successful, the string returned should be considered read-only.", operative word being "should".

what's the correct way to deal with this (specifically on openbsd if there are any facilities that help here, as well as on other systems perhaps)?

thanks,

--
[-] mkdir /nonexistent
Re: correct way to clear sensitive data from env?
> case in point: openvpn passing username/password in the environment to
> openvpn_bsdauth.
>
> so there's actually a bit of a sensitive data in env that current
> wisdom rightly tends to want to junk as soon as possible.
>
> getenv(3) states, "If getenv() is successful, the string returned
> should be considered read-only.", operative word being "should".
>
> what's the correct way to deal with this (specifically on openbsd if
> there are any facilities that help here, as well as on other
> systems perhaps)?

Clearing the string is pointless, it is a race that it can still be observed!

You should restructure it to move data over a socket/pipe.
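
The restructuring suggested in the reply above, as an added example that is not code from this thread, OpenVPN or openvpn_bsdauth: the caller hands the credentials to a forked helper over a pipe, so they never enter the helper's environment, and both sides wipe their buffers. The names `wipe`, `helper_check` and `auth_over_pipe`, the "user\npass" framing and the account `alice` / `constructed-pw` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static void wipe(void *p, size_t n) {     /* stand-in for explicit_bzero(3) */
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Helper side (hypothetical): read "user\npass" until EOF, check, wipe. */
static int helper_check(int fd) {
    char buf[256] = {0}, *pass;
    size_t len = 0;
    ssize_t r;
    while (len < sizeof buf - 1 && (r = read(fd, buf + len, sizeof buf - 1 - len)) > 0)
        len += (size_t)r;
    pass = strchr(buf, '\n');
    if (pass != NULL) *pass++ = '\0';
    /* Constructed account; a real helper would ask the auth backend. */
    int ok = pass != NULL && strcmp(buf, "alice") == 0 &&
             strcmp(pass, "constructed-pw") == 0;
    wipe(buf, sizeof buf);
    return ok;
}

/* Caller side: 0 = accepted, 1 = rejected, -1 = error or bad input. */
int auth_over_pipe(const char *user, const char *pass) {
    char msg[256];
    int fds[2], status = 0, rc = -1;
    if (strchr(user, '\n')) return -1;    /* newline would shift the field boundary */
    int n = snprintf(msg, sizeof msg, "%s\n%s", user, pass);
    if (n > 0 && (size_t)n < sizeof msg && pipe(fds) == 0) {
        pid_t pid = fork();
        if (pid == 0) {                   /* child stands in for the helper */
            close(fds[1]);
            wipe(msg, sizeof msg);
            _exit(helper_check(fds[0]) ? 0 : 1);
        }
        close(fds[0]);
        ssize_t w = pid > 0 ? write(fds[1], msg, (size_t)n) : -1;
        close(fds[1]);                    /* EOF ends the message */
        if (pid > 0 && waitpid(pid, &status, 0) == pid && w == n && WIFEXITED(status))
            rc = WEXITSTATUS(status);
    }
    wipe(msg, sizeof msg);
    return rc;
}

int main(void) { return auth_over_pipe("alice", "constructed-pw"); }
```

On OpenBSD, `explicit_bzero(3)` can replace the `wipe` stand-in directly.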