Posted by: Administrator
on March 17, 2007 12:39 AM
The decrypted file is left in the clear on disk. For editing, this may be a necessary evil, but for only viewing the file (because you needed to retrieve a password), there is no need to have the contents on the disk, linked to a filename, for viewing.
I suggest these changes to tighten the security during data viewing:
Read the entered password into an environment variable, rather than creating a disk file. (Not all /tmp mounts use tmpfs.) Use "echo var" rather than "cat file" to feed the password to gpg.
Pipe the gpg decryption to a pager ("more" or "less"). No on-disk file is needed for viewing only.
Put the viewer into the background, and immediately scrub the password variable. This shortens the time the password is viewable in /proc/(pid)/environ. Once sensitive information is wiped, you can "wait" for the viewer to exit.
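The three steps suggested in the comment above, as an added example that is not part of the original comment or the script it discusses. It keeps the passphrase in an unexported shell variable (a stricter variant of the environment variable the comment mentions); the names `view_encrypted` and `decrypt_stdin_pass` and the optional decrypt/pager arguments are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the original post). Names are illustrative.

# Decrypt step: passphrase on stdin (fd 0), ciphertext path in $1.
# GnuPG 2.1+ also needs "--pinentry-mode loopback" with --passphrase-fd.
decrypt_stdin_pass() {
    gpg --quiet --batch --passphrase-fd 0 --decrypt "$1"
}

# view_encrypted FILE [DECRYPT_CMD] [PAGER_CMD]
view_encrypted() {
    ve_file=$1
    ve_decrypt=${2:-decrypt_stdin_pass}
    ve_pager=${3:-less}

    if [ -t 0 ]; then
        # Interactive: prompt with echo off, restore the tty on interrupt.
        ve_tty=$(stty -g)
        trap 'stty "$ve_tty"; exit 130' INT TERM
        printf 'Passphrase: ' >&2
        stty -echo
        IFS= read -r ve_pass
        stty "$ve_tty"
        trap - INT TERM
        printf '\n' >&2
    else
        IFS= read -r ve_pass
    fi

    # ve_pass is never exported, so it is absent from every child's
    # /proc/<pid>/environ; printf is a builtin, so it is absent from argv.
    # Plaintext flows decrypt -> pager through a pipe, never through a file.
    printf '%s\n' "$ve_pass" | "$ve_decrypt" "$ve_file" | "$ve_pager" &
    ve_pid=$!

    unset ve_pass          # scrub before blocking on the viewer
    wait "$ve_pid"
}

# Run as a script: ./view.sh secrets.gpg
if [ "$#" -gt 0 ]; then view_encrypted "$@"; fi
```

Run it as a script rather than sourcing it: in an interactive shell with job control, the backgrounded pager is stopped as soon as it touches the terminal.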
information leakage