Re: [PATCH] Fix releasing procedure

[Gary V . Vaughan]

On Tuesday, January 27, 2004, at 10:40  am, Alexandre Duret-Lutz wrote:
> On Tue, Jan 27, 2004 at 10:17:52AM +0000, Scott James Remnant wrote:
> > *gulps* it stores my GPG passphrase in a shell variable?!
>
> Yep.  Just like mailcrypt stores it in an emacs variable, or gpg in a
> C variable.  What's the difference?

I was about to ask how you get the passphrase into gpg without it 
showing
up in the process table for an instant, but you seem to have tried to 
address
that.  Notice that at the point that you pass the passphrase to gpgs 
stdin on
a pipe you are calling echo with the PATH set by the user:

  echo $passphrase | $GPG --passphrase-fd 0 -ba -o $file.sig $file

Oops!

Better than PATH fiddling in the environment, it would be good to 
detect bash
and use 'builtin echo' (and similar for ksh and zsh).  I think you 
should also
call gpg with an absolute path to forestall a trojan gpg which could 
log the
passphrase.

I'd be happier using the script if you supported quintuple agent, so 
that if gpg
is getting it's passphrase from gpg-agent already, then there is no 
need to save
it in the script at all.  I'm no security expert, and even I've found a 
couple of
vulnerabilities.  I have to say that I wouldn't use the script on a 
networked
machine as it stands.

Cheers,
        Gary.
--
Gary V. Vaughan      ())_.  address@hidden,gnu.org}
Research Scientist   ( '/   http://www.oranda.demon.co.uk
GNU Hacker           / )=   http://www.gnu.org/software/libtool
Technical Author   `(_~)_   http://sources.redhat.com/autobook