Send password to subprocess without echoing it to terminal

Hi everybody,

Sorry if this isn't the correct list; I'm new to Ruby and couldn't find an answer to this question in the other likely places.

I'm working on a tool that wraps the Arch Linux command line password manager "pwsafe". It keeps your master password in memory for ten minutes so that you don't have to re-type it so much. Recently I found a vulnerability and have to re-write the function that invokes the main pwsafe program to get the application password. It looks like this now:

    def fetch_app_password
      master_password = driver.get # fetch the master password from the user

      # TODO: stop printing the user's master password in cleartext

      # "| cmd" opens a read/write pipe to the command's stdin and stdout
      open("| #{PWSAFE} -q -E -p #{stringified_args}", 'r+') do |pwsafe_pipe|
        pwsafe_pipe.write(master_password + "\n")
        app_password = pwsafe_pipe.readline.chomp # readline keeps the trailing newline
        if app_password == 'Passphrase is incorrect'
          system 'killall pwsafe'
          raise 'Passphrase is incorrect'
        end
        return app_password
      end
      raise 'an error occurred'
    end

This code invokes pwsafe and correctly returns the application password the user asked for; however, the entire exchange between the password safe and the ruby program occurs in the user's terminal - in cleartext. This is unacceptable because shoulder surfers are definitely part of my threat model.

I've tried a few things, including running stty -echo just before opening the pipe; none of them have prevented that master_password variable from ending up on the terminal. Can anyone suggest a good way to silence the master password, or (even better) the entire conversation?

Thanks,
Dolan


Hi!

just use the awesome highline gem:

    require 'rubygems'
    require 'highline/import'

    # q.echo = false makes HighLine read the answer without echoing it
    def get_password(prompt = "Enter Password")
      ask(prompt) { |q| q.echo = false }
    end

    thePassword = get_password()

regards, sandor


On 20/07/14 23:22, Dolan Murvihill wrote:
> [...]

Best regards, Sandor
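Putting the two halves of the thread together, as an added example that is not code from either post: the passphrase is read with terminal echo switched off (here with the standard library's io/console instead of the HighLine gem) and then handed to the child over pipes with Open3, so that neither the secret nor the child's reply is printed to the terminal. The pwsafe stand-in is a constructed ruby one-liner so the example runs without pwsafe installed; the error string is the one quoted in the original post.

```ruby
require 'io/console'
require 'open3'
require 'rbconfig'

# Prompt for a secret and read it with terminal echo disabled (IO#noecho from
# io/console). Falls back to a plain gets when the input is not a terminal, so
# the same function also works on a StringIO for testing.
def read_secret(prompt = 'Master password: ', input: $stdin, output: $stderr)
  output.print(prompt)
  line = input.tty? ? input.noecho(&:gets) : input.gets
  output.puts # the user's Enter was not echoed, so end the prompt line
  line.to_s.chomp
end

# Run +argv+ (an array, so no shell is involved and nothing is interpolated)
# with stdin, stdout and stderr all attached to pipes. The secret travels over
# the stdin pipe only; the reply is read from the pipe instead of the terminal.
def fetch_app_password(argv, master_password)
  output, status = Open3.popen2e(*argv) do |child_in, child_out, wait_thr|
    child_in.puts(master_password)
    child_in.close                   # EOF tells the child no more input follows
    [child_out.read, wait_thr.value] # wait_thr.value is a Process::Status
  end
  first_line = output.to_s.lines.first.to_s.chomp
  # Error text as quoted in the original post
  raise 'Passphrase is incorrect' if first_line == 'Passphrase is incorrect'
  raise "child exited with status #{status.exitstatus}" unless status.success?
  first_line
end

# Constructed stand-in for pwsafe so the example runs offline: it reads the
# passphrase from stdin and answers the way the original post says pwsafe does.
FAKE_PWSAFE = [RbConfig.ruby, '-e', <<~'RUBY']
  pp = $stdin.gets.to_s.chomp
  if pp == 'correct horse'
    puts 's3cret-app-pw'
  else
    puts 'Passphrase is incorrect'
    exit 1
  end
RUBY

# Interactive use (reads the passphrase from the terminal without echo):
#   secret = read_secret
#   puts fetch_app_password(FAKE_PWSAFE, secret)
```

The same fetch_app_password works with the real tool by passing its command line as an array, but only if the program reads the passphrase from stdin; a program that opens the controlling terminal directly bypasses the pipe and must be silenced through the terminal settings instead.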