[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [msmtp-users] Password parameters patch
On Mon, 2 Jul 2012 19:41:22 +0100, Ambrevar wrote:
> Thanks for the quick update.
>
> > > Besides, there is sadly no '--password' parameter available. This
> > > is useful for using msmtp from an external program such as mutt,
> > > while not saving the password in any clear file. So I added
> > > support for the '--password' parameter. Quite simple in fact,
> > > and seems to work pretty well.
> >
> > The problem with this option is that it shows up in process lists
> > (via the ps utility, in /proc, and via several system calls), so it
> > would be unsafe to use. I did not push this part of your patch.
>
> Isn't it possible to see the result of the command passed to
> passwordeval anyway? The command result is retrieved from a pipe --
> popen in get_password_eval(...) function -- so I guess it is
> possible to get the content of the pipe, which is the clear
> password... Perhaps I'm wrong here, tell me.
As far as I know, there is no way for other programs to see the
contents of the pipe. It does not have a name in the file system; it is
just a buffer.
> > With --passwordeval, it should be possible to use secure password
> > storage (keyring or encrypted files or something else) and still
> > give the password on the command line.
>
> The problem here is that gpg will fail when called from mutt.
Gpg with Mutt will fail when gpg asks for the decryption password,
because Mutt restricts terminal input/output. But when you use
gpg-agent, gpg will query the agent instead, and that should work. If
you use a GUI, you will get a GUI password prompt from gpg-agent,
independent of the terminal Mutt uses. Without a GUI, you can probably
give the agent the password before running Mutt. The agent will
remember the password for a configurable time so you only have to enter
it once.
Regards,
Martin