Richard Levitte - VMS Whacker wrote:
>
>
> What's wrong is that you assume OpenSSL takes password input from
> standard input. This is not the case. Instead, a separate handle to
> the TTY is opened, and that is used as password input. Under Unix,
> the file used is "/dev/tty". Under DOS, it's "con", and under VMS
> it's "TT:".
>
> In the current snapshot of OpenSSL, there's a new parameter that gives
> you the possibility to give the password on the command line to most
> utilities that need it, called -passin, -passout, -passin and -envpassin.
> Check it out.
>
Most utilities? I thought all the ones where it was useful were
covered. Have I missed one?

> BTW, I wonder if there shouldn't be a mechanism to get the password
> from stdin as well. '-passin -' or yet another switch, like
> '-pipepassin'? '-passin' has a real danger if you consider what 'ps'
> gives as output...
>
Yes, that's why I added a warning to every man page about it. On some OSes
or setups it's quite safe though.

Are there any circumstances where the environment isn't safe? I believe
extra privs are normally needed to read another user's process's
environment.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
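
The exposure discussed in this message, as an added example that is not part of the original e-mail or of OpenSSL: a stand-in child process receives a constructed passphrase through its argument list, its environment, or a stdin pipe, and the script checks whether the value shows up in the argument list that `ps` prints. The child program, `SECRET`, and the `DEMO_PASS` variable name are assumptions made for the demonstration; `environ_mode` reports the permission bits on `/proc/<pid>/environ`, which a stock Linux kernel sets to owner-read-only.

```python
import os
import stat
import subprocess
import sys

SECRET = "constructed-demo-passphrase"   # constructed sample value, not a real secret
CHILD = "import sys; sys.stdin.read()"   # stand-in utility: stays alive until stdin closes

def visible_cmdline(pid):
    """Argument list of pid as any local user sees it (the data 'ps' prints)."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:
            return f.read().replace(b"\0", b" ").decode(errors="replace")
    except OSError:  # no /proc on this system: ask ps itself
        return subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                              capture_output=True, text=True).stdout

def environ_mode(pid):
    """Permission bits of /proc/<pid>/environ, or None where /proc is absent."""
    try:
        return stat.S_IMODE(os.stat(f"/proc/{pid}/environ").st_mode)
    except OSError:
        return None

def observe(method):
    """Start the stand-in child with SECRET delivered by `method`; report exposure."""
    argv = [sys.executable, "-c", CHILD]
    env = dict(os.environ)
    if method == "argv":
        argv.append(SECRET)                 # secret becomes part of the command line
    elif method == "env":
        env["DEMO_PASS"] = SECRET           # hypothetical variable name
    child = subprocess.Popen(argv, env=env, stdin=subprocess.PIPE)
    try:
        if method == "stdin":
            child.stdin.write(SECRET.encode() + b"\n")
            child.stdin.flush()
        return {"in_cmdline": SECRET in visible_cmdline(child.pid),
                "environ_mode": environ_mode(child.pid)}
    finally:
        child.stdin.close()                 # EOF lets the child exit
        child.wait()

if __name__ == "__main__":
    for m in ("argv", "env", "stdin"):
        print(m, observe(m))
```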