Jonathan,
O like the idea of fetching the password from an environment variable.
To me it looks safer than the one through command-line, which I would
only add if there was a really good reason for (since it gets stored in
history database - under Linux - and all). Note I didn't have enough
time to think about the attack surface it opens, though.
The -x looks interesting. However, couldn't that be made by using a
shell command tool, like hexdump and xxd?
Now I'm really opposed against putting passwords in the command line,
specially for something as sensitive as the owner password. Maybe if we
could put a configure switch to disable it and let it on by default...
Anyway, feel free to submit patches. Just make sure you send different
patchsets for different features.
And thank you in advance for helping,
Richard
Em 11-02-2014 07:27, Buhacoff, Jonathan escreveu:
Hi,
In my project which scripts some uses of tpm-tools, I found it useful
to add a couple of options to tpm_takeownership, tpm_nvdefine,
tpm_nvread, tpm_nvwrite, and tpm_nvrelease:
-x to interpret the passwords on the command line as hex
representations and hex-decode the passwords before using
-t to interpret the password arguments on the command line as
environment variable names and read the passwords from those variables
They can be used together to interpret a hex password from an
environment variable.
Also for tpm_takeownership I added two options to allow setting the
password non-interactively:
-o sets the owner password
-s sets the SRK password
For example, if you run tpm_takeownership it looks like this:
# tpm_takeownership
Enter owner password:
Confirm password:
Enter SRK password:
Confirm password:
But with the options it can look like this:
# export TPM_PASSWORD=ffffffffffffffffffffffffffffffffffffffff
# tpm_takeownership -x -t -oTPM_PASSWORD -z
Which doesn't prompt, doesn't expose the password on the process list,
and allows you to use any arbitrary 20-byte sequence as the password.
So I would like to submit a patch for this.
Is it ok to just create a feature request ticket and attach my patch
to it for the 5 tools I mentioned?
If it's accepted I can add the --x and --t options to other commands
and submit those as well.
Jonathan
------------------------------------------------------------------------------
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience. Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
------------------------------------------------------------------------------
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience. Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
