On Thu, Mar 7, 2019 at 4:53 AM Stuart Henderson <[email protected]> wrote:
>
> On 2019/03/06 22:20, Theo de Raadt wrote:
> > I'm not sure why this matters.
> >
> > Fundamentally system is fork+exec via a shell.  So you write it as
> > minimal fork+exec.
> >
> > What is the particular benefit you see here, is it security -- and if
> > so, what is the security benefit?  Have you identified a quoting problem?
> > Can you pinpoint the issue and explain it please?

If an administrator is given doas access to ikectl, they can start
a root shell with doas ikectl ca '; sh; : ' create.

Additionally if a user wants to create a ca or certificate or key with
a special character, it must be double quoted to survive system(3). At
the very least this fact should be documented, but removing the use of
system(3) is the safer and less surprising way.

> > > I had sent a similar patch a while back. There seemed to me some
> > > interest, but it was never committed. Updated to apply to -current.
>
> At the time of the first version of this diff there was a quoting
> problem (and a "passwords showing in ps(1)" problem) but it was fixed
> differently in ikeca.c:1.46

The export password is still shown in ps(1) since it's put into the
environment via env(1) (cf. ikeca.c 686).
