On Fri, Jan 29, 2016 at 5:11 PM, Kevin Lyda <[email protected]> wrote:
> On Fri, Jan 29, 2016 at 3:16 PM Dashamir Hoxha <[email protected]> > wrote: > >> On Fri, Jan 29, 2016 at 11:16 AM, Kevin Lyda <[email protected]> >> wrote: >> >>> I have no idea why you want to do this since your shell already has >>> completion. Not sure of the win here. >>> >> I want to ask user for the passphrase only once, save it in a variable, >> > > I'll admit it, I lied. I guessed you were going to do something like that. > > Just so I can sleep at night with a clean conscience, you're aware that is > a horribly bad idea to do, yes? There's a good chance your password could > end up in a swap file or in a core file. A root user can just do "ps > auxwwe". And I assume you're passing that password in via the command line > so a well timed ps by *any* user will get your password. > Now I am passing the passphrase from stdin, using the option `--passphrase-fd 0` of gpg: https://github.com/dashohoxha/pw/commit/2a567e11bf56943446d28be83b7777b3e71b99f7#diff-1a5b08bb94541dc292409e7e18b9c3eaL22 After trying lots of other things, I was lucky to find this: http://stackoverflow.com/questions/19895122/how-to-use-gnupgs-passphrase-fd-argument I think that at least "ps auxwwe" is not an issue now. Is it?
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
