[PATCH] Re: --passphrase and command line
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jan 15 20:44:04 CET 2015
On Thu 2015-01-15 07:39:06 -0500, hymie! wrote:
> Being only an amateur programmer, I wonder if you could free the
> existing pointer and replace it with a char[6] and always have a
> "xxxxx" as the replacement string.
free()ing something that was not malloc()ed is a bad idea :) and i
believe the process table explicitly shows exactly the memory that is
already pointed to by the pointers in argv; resetting those pointers to
point somewhere else shouldn't have the same effect.
> I see from the patch below that you aren't accessing argv itself,
> so I don't know if that's feasible or not. Just an idea.
it is actually accessing the data pointed to by the pointers referred to
by argv (whew, indirection!), but not argv itself.
>>It would be bad if this encouraged the use of the --passphrase option
>>*anywhere*, though, since it really is the worst way to use the tools.
>
> Worse than not using them at all?
if you're really at that stage, i guess it's better than nothing; but
given the scenario you're working on, Werner's suggestion of
pinentry-curses sounds much better to me than anything else proposed in
this thread so far.
using pinentry-curses would mean that vi (and your plugin) never even
need to see the user's passphrase. This is a win -- less data for you
to manage, and less of a chance for the sensitive info to leak into
other parts of the OS.
--dkg
More information about the Gnupg-devel
mailing list