<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p class="details" style="font-style: italic; color: #666;">
<a href="https://gitlab.com/guenther_brunthaler">Günther Brunthaler</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1333">#1333</a>
</p>
<div></div>
<p dir="auto">Under POSIX-like operating systems, the command line arguments of all
executed commands are visible to all users on the system.</p>
<p dir="auto">If malicious user Eve watches the certtool invocation of a different
user Alice who is using the --seed option, Eve will know what seed
Alice's private key has been generated from.</p>
<p dir="auto">If Alice also used the --provable option, Eve will even be able to
reconstruct Alice's private key, which is a very bad thing.</p>
<p dir="auto">Recommendation: The --seed option should either be removed or be
explicitly documented to be suitable for debugging and testing only. A
new option should be added which allows to read the seed from a file.
In this case, Eve will only see the filename on the command line, but
not the contents of the file.</p>
<p dir="auto">BTW: The --password option has quite a similar problem. But there is
the possibility to read it from standard input or from the
configuration file. Can the seed maybe read from the configuration file
also? But if so, neither the documentation nor the example
configuration file does mention it.</p>
<p dir="auto">Additional references:</p>
<p dir="auto">Other Downstream bug reports related to this issue:</p>
<p dir="auto"><a href="https://github.com/ShiftMediaProject/gnutls/issues/22" rel="nofollow noreferrer noopener" target="_blank">https://github.com/ShiftMediaProject/gnutls/issues/22</a></p>
<p dir="auto">Known external projects blocked by this issue:</p>
<p dir="auto"><a href="https://github.com/guenther-brunthaler/tilde_anyone-someplace-ssl__pki-dajhgna82z9cx6kwy6yalncmt/commit/6fd5cc20bd3a70d8bc447c8f3532e2810218edf5" rel="nofollow noreferrer noopener" target="_blank">https://github.com/guenther-brunthaler/tilde_anyone-someplace-ssl__pki-dajhgna82z9cx6kwy6yalncmt/commit/6fd5cc20bd3a70d8bc447c8f3532e2810218edf5</a></p>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1333">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/-/sent_notifications/45835bd83cc23882a91bba58c298154a/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1333"}}</script>
</p>
</div>
</body>
</html>