Maniphest T5917

gpg-agent: Not writing password into file
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	• gniibe
	Apr 5 2022, 2:29 AM

Tags

Subscribers

Description

Reading the code, I found there is one place in GnuPG, where it writes a password into a file. It is removed after use, and its content is overwritten. But, still, it's not a good practice, because there is a little risk about access to the file, or file system.

D550: gnupg: No writing passphrase as a file is a possible patch.

Revisions and Commits

rG GnuPG
	rG9c0a24b4a55e agent: Not writing password into file.
	rGe529c54fe3a8 agent: Not writing password into file.

Related Objects

Mentioned Here: D550: gnupg: No writing passphrase as a file

Event Timeline

• gniibe triaged this task as Normal priority.Apr 5 2022, 2:29 AM

• gniibe created this task.

• gniibe added a commit: rGe529c54fe3a8: agent: Not writing password into file..Apr 22 2022, 6:36 AM

• gniibe added projects: Restricted Project, gpgagent, Bug Report.Apr 22 2022, 6:43 AM

• werner added a commit: rG9c0a24b4a55e: agent: Not writing password into file..Apr 25 2022, 3:29 PM

• gniibe closed this task as Resolved.Jun 9 2022, 7:55 AM

• gniibe removed a project: Restricted Project.