
Re: [msmtp-users] Password parameters patch



On Mon, 2 Jul 2012 19:41:22 +0100, Ambrevar wrote:
> Thanks for the quick update.
> 
> > > Besides, there is sadly no '--password' parameter available. This
> > > is useful for using msmtp from an external program such as mutt,
> > > while not saving the password in any clear file. So I added
> > > support for the '--password' parameter.  Quite simple in fact,
> > > and seems to work pretty well.
> > 
> > The problem with this option is that it shows up in process lists
> > (via the ps utility, in /proc, and via several system calls), so it
> > would be unsafe to use. I did not push this part of your patch.
> 
> Isn't it possible to see the result of the command passed to
> passwordeval anyway?  The command result is retrieved from a pipe --
> popen in get_password_eval(...)  function -- so I guess it is
> possible to get the content of the pipe, which is the clear
> password...  Perhaps I'm wrong here, tell me.

As far as I know, there is no way for other programs to see the
contents of the pipe. It does not have a name in the file system; it is
just a buffer.

> > With --passwordeval, it should be possible to use secure password
> > storage (keyring or encrypted files or something else) and still
> > give the password on the command line.
> 
> The problem here is that gpg will fail when called from mutt.

Gpg with Mutt will fail when gpg asks for the decryption password,
because Mutt restricts terminal input/output. But when you use
gpg-agent, gpg will query the agent instead, and that should work. If
you use a GUI, you will get a GUI password prompt from gpg-agent,
independent of the terminal Mutt uses. Without a GUI, you can probably
give the agent the password before running Mutt. The agent will
remember the password for a configurable time so you only have to enter
it once.

Regards,
Martin
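
The difference discussed in this thread, as an added example that is not code from msmtp or from either poster: on Linux, a secret passed as a command-line argument can be read back from `/proc/<pid>/cmdline`, while a helper run in the `passwordeval` style hands it over through an anonymous pipe. The `--password` child, the helper, the temporary secret file and the sample password are constructed stand-ins, and a mounted `/proc` is assumed.

```python
import os, subprocess, sys, tempfile

SECRET = "constructed-example-pw"  # constructed sample value, not a real credential

def argv_of(pid):
    """argv of a running process, as ps reads it from /proc (Linux only)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode() for a in f.read().split(b"\0") if a]

def observe_argv_password():
    """Stand-in for a hypothetical `--password SECRET` invocation."""
    child = subprocess.Popen(
        [sys.executable, "-c", "import sys; sys.stdin.read()", "--password", SECRET],
        stdin=subprocess.PIPE)
    try:
        return argv_of(child.pid)          # the secret is one of these arguments
    finally:
        child.stdin.close()
        child.wait()

def observe_passwordeval():
    """Stand-in for passwordeval: a helper writes the secret to its stdout pipe."""
    with tempfile.NamedTemporaryFile("w", suffix=".secret") as store:  # created 0600
        store.write(SECRET + "\n")
        store.flush()
        # Hypothetical helper: prints the stored secret, then waits so we can inspect it.
        helper_code = ("import sys; sys.stdout.write(open(sys.argv[1]).read()); "
                       "sys.stdout.flush(); sys.stdin.read()")
        helper = subprocess.Popen(
            [sys.executable, "-c", helper_code, store.name],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)
        try:
            password = helper.stdout.readline().rstrip("\n")  # parent's read end
            argv = argv_of(helper.pid)                        # what ps would list
            stdout_target = os.readlink(f"/proc/{helper.pid}/fd/1")
            return password, argv, stdout_target
        finally:
            helper.stdout.close()
            helper.stdin.close()
            helper.wait()

if __name__ == "__main__":
    print("--password argv:      ", observe_argv_password())
    pw, argv, target = observe_passwordeval()
    print("passwordeval argv:    ", argv)
    print("helper stdout target: ", target)   # pipe:[inode], no path in the file system
    print("parent got password:  ", pw == SECRET)
```

The helper's own command line is still listed, so the command given to `passwordeval` must fetch the secret from a store rather than contain it literally.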