Subject: Developers of Sympa
List archive
Re: [sympa-developpers] [sympa-commits] sympa[11189] trunk/src/lib/Sympa/Message.pm: [dev] simplification: no need to use a fifo, a simple temporary file with strict permission is enough
- From: Guillaume Rousse <address@concealed>
- To: address@concealed
- Subject: Re: [sympa-developpers] [sympa-commits] sympa[11189] trunk/src/lib/Sympa/Message.pm: [dev] simplification: no need to use a fifo, a simple temporary file with strict permission is enough
- Date: Mon, 28 Jul 2014 21:11:51 +0200
On 28/07/2014 16:38, Guillaume Rousse wrote:
>> FIFO (I don't stick to this method, though) does not store
>> passed information to any perpetual storages. I suppose that is why
>> openssl supports FIFO.
> openssl doesn't make any difference between a regular file and a fifo
> for this matter, but this doesn't change much here.

Actually, using an environment variable is even simpler (see attached patch), and also avoids any kind of disk write. I'm not convinced that the warning in the openssl man page about "certain Unix OSes" where those environment variables could be easily retrieved is really serious for us.
--
Guillaume Rousse
INRIA, Direction des systèmes d'information
Domaine de Voluceau
Rocquencourt - BP 105
78153 Le Chesnay
Tel: 01 39 63 58 31
Index: src/lib/Sympa/Message.pm =================================================================== --- src/lib/Sympa/Message.pm (révision 11266) +++ src/lib/Sympa/Message.pm (copie de travail) @@ -699,20 +699,8 @@ return undef; } - my $password_file; - if ($key_password) { - my $umask = umask; - umask 0077; - $password_file = File::Temp->new( - DIR => $tmpdir, - UNLINK => $main::options{'debug'} ? 0 : 1 - ); + local $ENV{OPENSSL_PASSWORD} = $key_password if $key_password; - print $password_file $key_password; - close $password_file; - umask $umask; - } - ## try all keys/certs until one decrypts. my $decrypted_entity; while (my $certfile = shift @$certs) { @@ -728,7 +716,7 @@ my $command = "$openssl smime -decrypt -out $decrypted_message_file" . " -recip $certfile -inkey $keyfile" . - ($password_file ? " -passin file:$password_file" : "" ); + ($key_password ? " -passin env:OPENSSL_PASSWORD" : "" ); $main::logger->do_log(Sympa::Logger::DEBUG3, '%s', $command); my $command_handle; @@ -1405,28 +1393,16 @@ unless $header =~ /^(content-type|content-transfer-encoding)$/i } - my $password_file; - if ($key_password) { - my $umask = umask; - umask 0077; - $password_file = File::Temp->new( - DIR => $tmpdir, - UNLINK => $main::options{'debug'} ? 0 : 1 - ); - - print $password_file $key_password; - close $password_file; - umask $umask; - } - my $signed_message_file = File::Temp->new( DIR => $tmpdir, UNLINK => $main::options{'debug'} ? 0 : 1 ); + local $ENV{OPENSSL_PASSWORD} = $key_password if $key_password; + my $command = "$openssl smime -sign" . " -signer $cert -inkey $key " . "-out $signed_message_file" . - ($password_file ? " -passin file:$password_file" : "" ); + ($key_password ? " -passin env:OPENSSL_PASSWORD" : "" ); $main::logger->do_log(Sympa::Logger::DEBUG2, '%s', $command); my $command_handle;
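Review bot: In the first hunk (@@ -699,20 +699,8 @@), `local $ENV{OPENSSL_PASSWORD} = $key_password if $key_password;` is placed before the `while (my $certfile = shift @$certs)` loop, so the password stays in the environment until the enclosing block exits and any child process started in that span inherits it, not only openssl. Consider moving the `local` into a bare block wrapped around the single openssl invocation inside the loop, so the variable exists only while that command runs.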
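Review bot: In the second hunk (@@ -728,7 +716,7 @@), `($key_password ? " -passin env:OPENSSL_PASSWORD" : "" )` repeats the truthiness test used on the `local` line, so a password that Perl treats as false (for example the string 0) drops `-passin` without any error, and the two conditions can drift apart in later edits. Suggest computing one flag from `defined $key_password && length $key_password` and using it both for setting the variable and for adding the option, with the variable name held in a single constant.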
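Review bot: The third hunk (@@ -1405,28 +1393,16 @@) duplicates the `local $ENV{OPENSSL_PASSWORD}` line and the `-passin env:OPENSSL_PASSWORD` fragment from the decrypt path, and neither copy has a comment recording why env: replaced file:. A small shared helper that sets the variable and returns the `-passin` argument would keep the sign and decrypt paths consistent, and a short comment there should note the openssl man page caveat about environment visibility discussed in this thread.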
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
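The mechanism proposed in this message, as an added example that is not part of the original post or of Sympa: the passphrase reaches openssl through `-passin env:`, with the variable confined to the one child process that needs it. It assumes an openssl binary on PATH; the helper names, the throwaway key and the passphrase are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

my $ENV_NAME = 'OPENSSL_PASSWORD';         # variable name used by the patch
my $password = 'constructed-demo-secret';  # constructed sample passphrase

# Run one command with the secret in %ENV for that call only. List-form
# system() bypasses the shell, so no argument needs quoting.
sub run_with_secret {
    my ($secret, @cmd) = @_;
    local $ENV{$ENV_NAME} = $secret;       # restored when the sub returns
    return system(@cmd) == 0;
}

# Spawn an unrelated child and report whether it inherited the variable.
sub later_child_sees_secret {
    my $probe = 'print(exists $ENV{' . $ENV_NAME . '} ? 1 : 0)';
    open(my $fh, '-|', $^X, '-e', $probe) or die "cannot spawn probe: $!\n";
    my $seen = <$fh>;
    close $fh;
    return defined $seen && $seen eq '1';
}

my $dir = tempdir(CLEANUP => 1);
my $key = "$dir/key.pem";

# Throwaway passphrase-protected key, so the example needs no external files.
run_with_secret($password, qw(openssl genpkey -algorithm RSA -aes-256-cbc),
    '-pass', "env:$ENV_NAME", '-out', $key)
    or die "openssl genpkey failed\n";

# The step the patch changes: openssl reads the passphrase from its own
# environment instead of from a temporary file.
my @load = (qw(openssl pkey -noout -in), $key, '-passin', "env:$ENV_NAME");
my $good = run_with_secret($password, @load);
my $bad  = run_with_secret('wrong-passphrase', @load);

printf "correct passphrase accepted: %s\n", $good ? 'yes' : 'no';
printf "wrong passphrase accepted:   %s\n", $bad  ? 'yes' : 'no';
printf "later child inherits secret: %s\n",
    later_child_sees_secret() ? 'yes' : 'no';
```

Because `local` is undone when `run_with_secret` returns, the probe child started afterwards does not inherit the variable unless it was already set in the caller's own environment.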