[PATCH] Re: --passphrase and command line

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 15 20:44:04 CET 2015


On Thu 2015-01-15 07:39:06 -0500, hymie! wrote:
> Being only an amateur programmer, I wonder if you could free the
> existing pointer and replace it with a char[6] and always have a
> "xxxxx" as the replacement string.

free()ing something that was not malloc()ed is a bad idea :)  and i
believe the process table explicitly shows exactly the memory that is
already pointed to by the pointers in argv; resetting those pointers to
point somewhere else shouldn't have the same effect.

> I see from the patch below that you aren't accessing argv itself,
> so I don't know if that's feasible or not.  Just an idea.

it is actually accessing the data pointed to by the pointers referred to
by argv (whew, indirection!), but not argv itself.

>>It would be bad if this encouraged the use of the --passphrase option
>>*anywhere*, though, since it really is the worst way to use the tools.
>
> Worse than not using them at all?

if you're really at that stage, i guess it's better than nothing; but
given the scenario you're working on, Werner's suggestion of
pinentry-curses sounds much better to me than anything else proposed in
this thread so far.

using pinentry-curses would mean that vi (and your plugin) never even
need to see the user's passphrase.  This is a win -- less data for you
to manage, and less of a chance for the sensitive info to leak into
other parts of the OS.

     --dkg
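
The distinction drawn in the message above, between repointing an argv entry and overwriting the bytes it points to, shown as an added C example that is not the patch from this thread. It models the exec-time argument block as a constructed buffer; the helper names and the sample passphrase are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for the exec-time argument block: NUL-separated
 * strings laid out back to back. "hunter2" is a made-up passphrase. */
static const char ARG_BLOCK[] = "gpg\0--passphrase\0hunter2\0file.gpg";

/* Hypothetical helper: point argv[] at each string in block; returns argc. */
static int build_argv(char *block, size_t len, char **argv, int max)
{
    int argc = 0;
    for (size_t off = 0; off < len && argc < max; off += strlen(block + off) + 1)
        argv[argc++] = block + off;
    return argc;
}

/* Hypothetical helper: overwrite the value after --passphrase in place, keeping
 * its length so neighbouring strings are untouched. Returns bytes overwritten. */
static size_t scrub_passphrase(int argc, char **argv)
{
    size_t n = 0;
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "--passphrase") == 0)
            for (char *p = argv[i + 1]; *p; p++, n++)
                *p = 'x';
    return n;
}

/* 1 if the raw block (what a process listing reads) still holds needle. */
static int block_contains(const char *block, size_t len, const char *needle)
{
    size_t nl = strlen(needle);
    for (size_t i = 0; i + nl <= len; i++)
        if (memcmp(block + i, needle, nl) == 0)
            return 1;
    return 0;
}

int main(void)
{
    char block[sizeof ARG_BLOCK], *argv[8], repl[] = "xxxxx";
    memcpy(block, ARG_BLOCK, sizeof block);
    int argc = build_argv(block, sizeof block, argv, 8);
    char *orig = argv[2];
    argv[2] = repl;                       /* repoint only: block unchanged */
    printf("after repoint: leaked=%d\n", block_contains(block, sizeof block, "hunter2"));
    argv[2] = orig; scrub_passphrase(argc, argv);   /* overwrite in place */
    printf("after scrub:   leaked=%d\n", block_contains(block, sizeof block, "hunter2"));
    return 0;
}
```

Overwriting in place still leaves the passphrase readable from exec until the scrub runs.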


