summaryrefslogtreecommitdiff
path: root/contrib/vim
diff options
context:
space:
mode:
authorIan Eure <ian.eure@gmail.com>2019-01-10 14:36:37 -0800
committerSvend Sorensen <svend@svends.net>2019-04-05 19:29:28 -0700
commit7aa17d099577730d2d65332896b74d5865b22abf (patch)
tree3b89db96164686ac921296a5a87846ee08c7e1c3 /contrib/vim
parentb0b784b1a57c0b06936e6f5d6560712b4b810cd3 (diff)
downloadpass-7aa17d099577730d2d65332896b74d5865b22abf.tar.gz
pass-7aa17d099577730d2d65332896b74d5865b22abf.tar.bz2
pass-7aa17d099577730d2d65332896b74d5865b22abf.zip
emacs: Supprt asynchronous pass operations which return output.
When using EXWM, if `password-store-get` is called and a pinentry program needs to be executed, Emacs deadlocks. This happens becuase Emacs blocks waiting for output from `gpg(1)`, which is blocked waiting for output from the pinentry-program, which is blocked waiting for Emacs to manage its window. This updates `password-store-copy` to work asynchronously. This should be fine, since its primary purpose is side-effecting, and it doesn’t matter when its evaluation completes. The ability to call `password-store-get` asynchronously with a callback has also been added to support this usecase. A new function has been added for general cases of async `pass` commands where the output is needed, `password-store--run-1`. While there is an existing `password-store--run-async`, it discards output -- it’s only used for `pass edit`, where it’s not needed. The body of `password-store--run` has been replacing it with one that uses `--run-1` and a wait loop which blocks until it’s complete. Supporting all this necessitated moving the file to lexical binding and dropping Emacs 24 support. The latter requirement could be worked around if there are concerns around it. **SECURITY INTERLUDE** I was unbelievably distressed to discover that the implementation of `password-store--run` redirects the decrypted file contents to disk, reads that into a buffer, then removes the file. This approach is preposterous and may warrant a CVE, as it exposes users to numerous conditions where their cleartext passwords could be recovered: - If the user hits C-g, the Emacs function may not get to the point of removing the file, leaving the password on disk. - It’s not a safe assumption that `make-temp-file` is secure, and even if it were, the time windows in play are likely to be very large, opening race conditions where the file contents can be read by an attacker before the file is removed. - Even if the file is removed, it could be recovered by examining the contents of deleted inodes. Information this sensitive should NEVER be persisted in cleartext in non-volatile storage. You may as well write it on a post-it and stick it on your monitor. re NicolasPetton/pass#25
Diffstat (limited to 'contrib/vim')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-70-g09d2 (git 2.46.2) at 2024-10-14 08:21:37 +0000
y remove next char if /Jason A. Donenfeld1-3/+2 From Kevin: I found a small bug in the zsh completions. Basically when the PASSWORD_STORE_DIR ends in a slash the first character of the result is eaten, making completion essentially useless. (It does this before determining matches). This can be fixed by changing what is line 106 in my version from: _values -C 'passwords' $(find -L "$prefix" \( -name .git -o -name .gpg-id \) -prune -o $@ -print | sed -e "s#${prefix}.##" -e 's#\.gpg##' | sort) to _values -C 'passwords' $(find -L "$prefix" \( -name .git -o -name .gpg-id \) -prune -o $@ -print | sed -e "s#${prefix}/\\?##" -e 's#\.gpg##' | sort) The difference is the first sed regex expression. The original version assumed that the next character was a slash and removed it while the new version only removes it if it is a slash. "s#${prefix}.##" -> "s#${prefix}/\\?##" Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Kevin Cox <kevincox@kevincox.ca> 2014-04-22Import Von's tests, with cleanups.Jason A. Donenfeld19-2/+1146 2014-04-22insert: exit with error if EOFJason A. Donenfeld1-2/+2 2014-04-21insert: Go to top of loop if invalid read.Jason A. Donenfeld1-2/+2 2014-04-21makefile: install completion automatically and adjust lib pathsJason A. Donenfeld1-12/+30 2014-04-20Use sort -u instead of uniqJason A. Donenfeld1-2/+2 2014-04-20Don't use subshells for reading from find.Jason A. Donenfeld1-4/+4 2014-04-19bash-completion: fix completion-file's name in uninstallschalox1-1/+1 2014-04-19platform: Auto-detect local platform fileJason A. Donenfeld2-3/+3 In fact, if we're running from the source directory, just auto-detect the platform file in the first place. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-04-19platform: Allow custom platform file before installJason A. Donenfeld2-3/+5 The new environment variable, PASSWORD_STORE_PLATFORM_FILE is now used for loading custom platform files while pass lives as src/password-store.sh. After it is installed using 'make install', this environment variable is no longer used, and either no platform file is loaded (if the default platform is acceptable), or a hardcoded also-installed platform file is referenced. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-04-18reencrypt: cleaner temp file declarationJason A. Donenfeld1-4/+4 2014-04-18Remove unneeded semicolon.Jason A. Donenfeld1-14/+14 2014-04-18Check sneaky paths.Jason A. Donenfeld1-0/+15 2014-04-18Pruning: turns out rmdir does it for us with -p.Jason A. Donenfeld1-9/+3 2014-04-18Abstract remove empty directories into function.Jason A. Donenfeld1-14/+11 2014-04-18Remember to prune empty folders.Jason A. Donenfeld1-0/+8 2014-04-18init: allow deinitializationJason A. Donenfeld2-2/+18 2014-04-18bash-completion: filter dot files from resultsJason A. Donenfeld1-3/+8 2014-04-18reencrypt: remove option, do automaticallyJason A. Donenfeld5-39/+25 2014-04-18reencryption: add to completion filesJason A. Donenfeld3-1/+5 2014-04-18Specify variable gpg.Jason A. Donenfeld1-1/+1 2014-04-18style: don't escape new line on &&Jason A. Donenfeld1-2/+2 2014-04-18reencryption: remove temporary file on failureJason A. Donenfeld1-1/+1 2014-04-18reencryption: only reencrypt files when requiredJason A. Donenfeld2-16/+37 2014-04-17cp: typo as cvJason A. Donenfeld1-1/+1 2014-04-17bash: gpg_id is localJason A. Donenfeld1-0/+1 2014-04-17move/copy: always reencrypt passwords at destinationJason A. Donenfeld5-25/+56 2014-04-17makefile: allow platform files with gnu sedJason A. Donenfeld1-7/+8 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-04-17mv: Add pass mv/rename supportJason A. Donenfeld5-3/+78 Based-on-work-by: Matthieu Weber <mweber@free.fr> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-04-17revelation2pass: add plain XML importJavali1-11/+15 I found that revelatio2pass.py script doesn't work. It can not decrypt my password file. I got following error message: raceback (most recent call last): File "git/password-store/contrib/importers/revelation2pass.py", line 159, in <module> main(args.FILE, verbose=args.verbose, xml=args.xml) File "git/password-store/contrib/importers/revelation2pass.py", line 140, in main cleardata_gz = decrypt_gz(password, data) File "git/password-store/contrib/importers/revelation2pass.py", line 117, in decrypt_gz ct = c.decrypt(cipher_text[28:]) File "/usr/lib/python2.7/site-packages/Crypto/Cipher/blockalgo.py", line 295, in decrypt return self._cipher.decrypt(ciphertext) I was unable to fix the problem, but I created a workaround, that add plain XML import option to the revelation2pass.py script. Revelation can export its password file as plain XML format. 2014-04-17platform: add cygwin supportJason A. Donenfeld2-1/+17 According to Brandon Jones, all we need to do is adjust /dev/clipboard from xclip. So we add a platform specific file to do so. http://www.relaytheurgency.com/2014/04/pass-in-cygwin-relatively-simple.html Suggested-by: Brandon Jones <jones.brandon.lee@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>