Hi everybody,
Sorry if this isn't the correct list; I'm new to Ruby and couldn't find an
answer to this question in the other likely places.
I'm working on a tool that wraps the Arch Linux command line password manager
"pwsafe". It keeps your master password in memory for ten minutes so that you
don't have to re-type it so much. Recently I found a vulnerability and have to
re-write the function that invokes the main pwsafe program to get the
application password. It looks like this now:
  def fetch_app_password
    master_password = driver.get # fetch the password from the user
    # TODO stop printing the user's master password in cleartext
    # PWSAFE, stringified_args and driver are defined elsewhere in the tool
    open("| #{PWSAFE} -q -E -p #{stringified_args}", 'r+') do |pwsafe_pipe|
      pwsafe_pipe.write(master_password + "\n")
      # chomp the trailing newline, otherwise the comparison below never matches
      app_password = pwsafe_pipe.readline.chomp
      if app_password == "Passphrase is incorrect"
        system 'killall pwsafe'
        raise 'Passphrase is incorrect'
      end
      return app_password
    end
    raise 'an error occurred'
  end
This code invokes pwsafe and correctly returns the application password the
user asked for; however, the entire exchange between the password safe and the
ruby program occurs in the user's terminal - in cleartext. This is unacceptable
because shoulder surfers are definitely part of my threat model.
I've tried a few things, including running `setty -echo` just before opening
the pipe; none of them have prevented that master_password variable from ending
up on the terminal. Can anyone suggest a good way to silence the master
password, or (even better) the entire conversation?
Thanks,
Dolan
Hi!
just use the awesome highline gem:
  require 'rubygems'
  require 'highline/import'

  def get_password(prompt = "Enter Password")
    ask(prompt) { |q| q.echo = false }
  end

  thePassword = get_password()
regards, sandor
- --
On 20/07/14 23:22, Dolan Murvihill wrote:
- --
Best regards, Sandor
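An added example, not code from Dolan's tool or from Sandor's reply, showing the same idea with only the Ruby standard library: IO#noecho from io/console reads the passphrase without echo (what highline's `q.echo = false` does underneath), and Open3.popen2 runs the safe with its stdin and stdout on pipes so neither the passphrase nor the returned application password goes through the terminal. The pwsafe stand-in is constructed; the real command is assumed, as in the original post, to take its passphrase on stdin.

```ruby
require 'io/console' # IO#noecho (standard library)
require 'open3'

# Read the master passphrase without echoing it. IO#noecho clears the tty
# ECHO flag for the duration of the block. A non-tty input (a pipe, or a
# StringIO in tests) is read plainly so the function also works
# non-interactively.
def read_password(prompt = 'Master password: ', input: $stdin, output: $stderr)
  output.print(prompt)
  line = if input.respond_to?(:noecho) && input.tty?
           input.noecho(&:gets)
         else
           input.gets
         end
  output.puts # the newline the user typed was suppressed along with the echo
  line.to_s.chomp
end

# Talk to the safe over pipes: the child's stdin and stdout are the pipe
# ends, not the terminal, so neither the passphrase we write nor the
# application password it prints reach the screen. `cmd` is an argv array
# handed to Open3.popen2 directly, with no shell in between. The child is
# reaped through wait_thr, so no `killall` is needed on a bad passphrase.
def fetch_app_password(cmd, master_password)
  Open3.popen2(*cmd) do |child_in, child_out, wait_thr|
    child_in.puts(master_password)
    child_in.close
    reply = child_out.read.to_s.chomp
    wait_thr.value
    raise 'Passphrase is incorrect' if reply.start_with?('Passphrase is incorrect')
    reply
  end
end

# Constructed stand-in for pwsafe so the example runs offline: it reads one
# line and answers the way the original post describes pwsafe answering.
FAKE_PWSAFE = ['sh', '-c', <<~'SH'].freeze
  IFS= read -r pw
  if [ "$pw" = "correct horse" ]; then echo 'app-secret-123'
  else echo 'Passphrase is incorrect'; fi
SH

if __FILE__ == $PROGRAM_NAME && $stdin.tty?
  puts fetch_app_password(FAKE_PWSAFE, read_password)
end
```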