Re: [PATCH] Fix releasing procedure
From: Scott James Remnant
Subject: Re: [PATCH] Fix releasing procedure
Date: Wed, 28 Jan 2004 15:57:34 +0000

On Tue, 2004-01-27 at 10:40, Alexandre Duret-Lutz wrote:
> On Tue, Jan 27, 2004 at 10:17:52AM +0000, Scott James Remnant wrote:
> > *gulps* it stores my GPG passphrase in a shell variable?!
>
> Yep. Just like mailcrypt stores it in an emacs variable, or gpg in a
> C variable. What's the difference?
>
Here's why you shouldn't store the passphrase in a shell variable:

    $ export passphrase="something irrelevant"
    $ ./gnupload

'passphrase' is now an exported shell variable. /proc/*/environ of the
gnupload shell script itself will contain "something irrelevant", but
once you've read that variable in, the environ of every single process
(including GPG, etc.) that that shell script runs will contain whatever
your passphrase is.

Adding an export to someone you intend to attack's shell environment is
unfortunately rather easy.

Scott
--
Have you ever, ever felt like this?
Had strange things happen? Are you going round the twist?
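
The inheritance described in the message above, as an added example that is not part of the original email or of gnupload. A child's environment is what appears in its /proc/<pid>/environ, so the sketch prints it with env; SCRIPT, run_script and the secret value are constructed for illustration.

```shell
#!/bin/sh
# Added example, not gnupload code. The variable name "passphrase" follows the
# email; SCRIPT, run_script and the secret value are constructed for the demo.

# Stand-in for a script that reads a secret into $passphrase, then runs a child.
SCRIPT='
mode=$1
# Hardened: unset drops the variable together with any inherited export
# attribute, so the assignment below creates a plain, unexported variable.
if [ "$mode" = hardened ]; then unset passphrase; fi
passphrase="constructed-secret"   # stands in for the passphrase typed by the user
# Child process: print whatever its environment holds for "passphrase".
env | sed -n "s/^passphrase=//p"
'

# $1 = leaky|hardened   $2 = preset|clean (was passphrase exported beforehand?)
run_script() {
    (
        unset passphrase
        if [ "$2" = preset ]; then export passphrase="something irrelevant"; fi
        sh -c "$SCRIPT" sh "$1"
    )
}

echo "leaky,    export preset: child sees '$(run_script leaky preset)'"
echo "hardened, export preset: child sees '$(run_script hardened preset)'"
echo "leaky,    clean env:     child sees '$(run_script leaky clean)'"
```

Only the first case prints the secret: the assignment inside the script keeps the export attribute it inherited, so every child receives the new value.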