On Mon, Jul 16, 2018 at 03:14:20PM +0200, Dashamir Hoxha wrote: > On Mon, Jul 16, 2018 at 2:16 PM Philipp Kern <[1]pk...@debian.org> wrote: > > This clearly writes the unencrypted tarball out to disk. > > It writes to `/dev/shm` which is not disk.
That is not a valid assumption. You have no way of knowing the device behind /dev/shm. > It writes to a random > temporary directory, so that it cannot be guessed. It removes > the unencrypted content as soon as the operation is performed. Unless the operation is atomic there is a possibility it can be interrupted. > All this happens almost instantly, it never stays unencrypted > for a long time. Ibid. > It is almost the same thing as using a pipe (|). > What is wrong here? It is not the same thing and it is based on several invalid/flawed assumptions. > I have been using it for 2-3 years and > never had a problem. > That doesn't make it correct code. I spend most of my day in code bases authored by other people. I consistently find bugs that have been in production, unreported, for 10 or more years. A bug is still a bug when it is found and identified, even if it has never manifested itself in the real world. If you doubt that, please review the recent news surrounding the SPECTRE and MELTDOWN vulnerabilities. Regards, -Roberto -- Roberto C. Sánchez