Comments on a small script please

Kimmo K. I. Surakka kusti@iki.fi
Fri Feb 22 10:06:01 2002


Steve Butler <sbutler@fchn.com> writes:

> From the README file I thought the shell script would capture the passphrase
> and hold it until needed.  That caused me some concern until I read the
> script and discovered it wasn't so! 

Yes, the README was not very clear there. I wonder, however,
how big a threat it would be if the shell script actually
did read the passphrase into a variable. What means would an
outsider have to read it from there (without root
privileges)?

> The main problem is whenever you have a plain text file sitting around
> somebody else can grab it.  There really isn't any way around that problem
> on a multi-user system.  At our shop we don't care since everybody inside

That is true. If the file is not encrypted it is not
safe. Still, I believe that to work with any computer one
has to trust the computer operator. If a malicious attacker
had root privileges on the system, even the gpg binary
could not be trusted. Therefore, I think that as long as a
file can only be read by me or by root, it is safe enough
(well, maybe I would still think twice before storing my
most private data this way). I just hope I got the script
right, so that root really is the only outsider who can
access those temp files.

> Just one small nit to pick on the coding.  Your test for the number of
> arguments passed can be easily broken by somebody who knows how to pass a
> null argument in the 2nd position.  In the Korn shell (ksh) you can use $#

Thanks. That one is fixed now. So (hopefully) is the temp
file creation. The temp files are now created in a
newly-created private directory to prevent any symlink
attacks. Hope I got it right.

Kusti
-- 
Kimmo K. I. Surakka <kusti@iki.fi>
Additional information available at http://www.iki.fi/kusti/
Link of the day: http://www.stoptorture.org/
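The two fixes discussed in this message, an argument check based on $# instead of testing the arguments for emptiness, and temp files created inside a freshly made private directory so a symlink cannot be planted where the file will appear, as an added example in POSIX sh. This is not Kusti's script (its contents are not on this page); the function names, the gpgwrap.XXXXXX template, the usage line and the noclobber write are my own choices.

```shell
#!/bin/sh
# Added example, not the original script.  Two hardening patterns for a
# small shell wrapper that has to keep a secret in a temp file.

# 1. Count the arguments with $# instead of testing "$2" for emptiness.
#    An empty string passed as the second argument is still an argument,
#    so a test like [ -z "$2" ] gives a misleading answer about how many
#    arguments arrived.  Count first, then reject empty values explicitly.
check_args() {
    if [ "$#" -ne 2 ]; then
        echo "usage: gpgwrap <file> <recipient>" >&2   # assumed usage line
        return 1
    fi
    for arg in "$@"; do
        if [ -z "$arg" ]; then
            echo "gpgwrap: empty argument" >&2
            return 1
        fi
    done
    return 0
}

# 2. Create a private temp directory.  mktemp -d gives an unpredictable
#    name with mode 0700, so nobody else can place a symlink inside it
#    ahead of us; umask 077 keeps anything created inside at 0600.
make_private_tmpdir() {
    umask 077
    newdir=$(mktemp -d "${TMPDIR:-/tmp}/gpgwrap.XXXXXX") || return 1
    # Belt and braces: it must be a real directory, not a symlink.
    if [ ! -d "$newdir" ] || [ -L "$newdir" ]; then
        rm -rf -- "$newdir"
        return 1
    fi
    printf '%s\n' "$newdir"
}

# Portable check that a directory is mode 0700 (works with GNU and BSD ls,
# which both print the permission string in the first ten characters).
tmpdir_is_private() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    [ "$mode" = "drwx------" ]
}

# Write data to a named file inside the private directory.  set -C
# (noclobber) makes the redirection fail if anything, including a
# symlink, already exists at that path, so the file is always a fresh one
# created by us with mode 0600.
write_tmp() {
    tmpdir=$1; name=$2; data=$3
    path="$tmpdir/$name"
    ( umask 077; set -C; printf '%s' "$data" > "$path" ) || return 1
    printf '%s\n' "$path"
}

# Remove the whole directory; meant to be hooked with trap on exit.
cleanup_tmpdir() {
    [ -n "$1" ] && rm -rf -- "$1"
}
```

In a real wrapper the directory is created once near the top and removed by `trap 'cleanup_tmpdir "$workdir"' EXIT HUP INT TERM`, so the passphrase file does not survive an interrupted run. Because the directory itself is 0700, the noclobber write is defence in depth rather than the primary protection; it mainly guards against a bug that reuses a file name within the same run.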