<p dir="ltr">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256</p>
<p dir="ltr">At first I thought signatures was a good idea, but after thinking about it I'm not sure they would actually improve security in any way. I mean, they would protect you from malicious pass subcommands - but if an attacker can write in your home directory, or even just a single directory in $PATH, you're owned anyway. With full write access, they can add a malicious "pass" wrapper script and prepend it to $PATH in .{ba,z}shrc. With write access in $PATH they can just add the malicious code without modifying $PATH. Then they wait for you to unlock your key with `pass show` and then go nuts with the key unlocked in the agent. At this point they can add and sign new subcommands as well, and those will be impossible to tell apart from authentic subcommands.
<br>
<br>
With this in mind, I'm not convinced that any security is gained by requiring subcommands to be signed. Instead, users would think they're safer than they are, and be less careful with their $PATHs. As the saying goes, bad security is worse than no security.
<br>
<br>
I say leave it up to the user to keep their $PATH clean, because I don't see a reliable way to do it automatically. If git pulls are a concern, you can instead ensure that any commits you fetch are signed before you merge them.
<br>
<br>
/Emil
<br>
-----BEGIN PGP SIGNATURE-----</p>
<p dir="ltr">iQJFBAEBCAAvKBxFbWlsIEx1bmRiZXJnIDxsdW5kYmVyZy5lbWlsQGdtYWlsLmNv<br>
bT4FAlW852EACgkQHSBkP9nuM68FzQ//RYkl34x+N1vaaSKRcBLvYPkzR3HmDu+2<br>
e77whC1RsbGr522zcQ2KEOmjRmaE3Yk3/H9TFra/iFUDRiLBxXlXf5LKvL6QLnZ7<br>
Qe+44YTg0RtPM4cVaK/Aoo1GYmyPh7rgEoQWSThTURxQDIkGX58yBIa8dCbSTCKA<br>
BwO7CR6MWWQpKFlk5uuyjXPzD0nBWfxVleiHzd/J12wYrNTmL/RCgzaYEaIli7JF<br>
vlsHDk2moTjw719pPpZZGmLv4Ek+98ueY1UI9x/37lLBMqxays1yuQD8KLjhJUFo<br>
c0DRgjTGsjobSJAo5VeUJifmJS13vEb3CCkbmbCb7/zkd6oJx1kPz80lBZqddn+2<br>
ZlAmHOhcNw6gCcSGcxiCeYH5y0WHO+zDcAExZ8b9cA+FEMchEZaJTfRn3uh8wQ/e<br>
UjCCkzNG9+S2kUVDCTSFyqBUNP8WxVxpKSDt8ppIwGP13yNC8kRf3Fv5wHOzqR5d<br>
VFo/cxeZCI84EOPo+GFxQTHZR5oU5xuBF03BdNVOKXmyp2ssFsxIptS6s9QfiDpL<br>
5WljRJbz1I/RqdTLSxXRPOxJwxQaXp4ew7F5ZnMHitRS35hL8MWaCnkGxOgXf5co<br>
HybdclncaLwdGqFmePQaT7DgZjIu1QB5jAq2S5gcFiNAnmGmn8aM7K34lWm9iFno<br>
MnwxtgwUs/U=<br>
=uqOQ<br>
-----END PGP SIGNATURE-----<br>
</p>
<br><div class="gmail_quote"><div dir="ltr">On Sat, 1 Aug 2015 16:58 Lenz Weber <<a href="mailto:mail@lenzw.de">mail@lenzw.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
It may be a good idea to require those hooks to be GPG-signed by the
pass user to avoid malicious additions to the git repo.</div><div bgcolor="#FFFFFF" text="#000000"><br>
<br>
Am 01.08.2015 um 12:42 schrieb Steffen Vogel:<br>
<span style="white-space:pre-wrap">> Hi,<br>
><br>
>> What about a system similar to Git[1] where subcommands
are just<br>
>> exectuables in your $PATH?<br>
><br>
> Having a „pass-age“ sub-command somewhere in
$PATH:~/.password-store/.hooks/ ?<br>
> Thats a nice idea :-) I like it.<br>
><br>
>> This has some benefits over keeping commands in your
password store:<br>
>><br>
>> * pass doesn't have to care about special or "blessed"
directories<br>
>> * Subcommands can be written in any language<br>
>> * It's easy for third party packages to add new commands<br>
>><br>
>> Plus if you want to keep your passwords and custom
commands together you<br>
>> can add ~/.password-store/.hooks (or whatever it may be)
to your $PATH.<br>
><br>
> Convinced :-) I’d like to keep the addons together with my
passwords.<br>
> This way, I can sync my add ons using „pass git pull“.<br>
><br>
> I would say, that we should agree to a hidden subdir in
~/.password-store which gets automatically added to $PATH by pass.<br>
><br>
> Some proposals (which one do you like?)<br>
><br>
> ~/.password-store/.hooks/<br>
> ~/.password-store/.addons/<br>
> ~/.password-store/.plugins/<br>
> ~/.password-store/.subcommands/<br>
> ~/.password-store/.extensions/<br>
><br>
> Kind Regards,<br>
><br>
> Steffen<br>
><br>
> PS: I will prepare a patch soon (tm).<br>
><br>
> —<br>
><br>
> Steffen Vogel<br>
> Robensstraße 69<br>
> 52070 Aachen<br>
><br>
> Mail: <a href="mailto:post@steffenvogel.de" target="_blank">post@steffenvogel.de</a><br>
> Mobil: +49 1575 7180927<br>
> Web: <a href="http://www.steffenvogel.de" target="_blank">http://www.steffenvogel.de</a><br>
> Jabber: <a href="mailto:steffen.vogel@jabber.rwth-aachen.de" target="_blank">steffen.vogel@jabber.rwth-aachen.de</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Password-Store mailing list<br>
> <a href="mailto:Password-Store@lists.zx2c4.com" target="_blank">Password-Store@lists.zx2c4.com</a><br>
> <a href="http://lists.zx2c4.com/mailman/listinfo/password-store" target="_blank">http://lists.zx2c4.com/mailman/listinfo/password-store</a></span><br>
<br></div><div bgcolor="#FFFFFF" text="#000000">
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJVvN55AAoJED87gGHnFM0sVkEH/2rowojY7ipv95xCW4phzYNK
<br>
f9Ab5RSlAUP8yLdiBWck+rJ788W1/v4gKFSitKytuOSgN/PVZRS7IN/Kaza2RdGv
<br>
sX/stzL5jirvVfxga28u71xjk+DnQx8y+ImUOYiB3eGz6W59AZh0l9IOAfnlbFTo
<br>
Nt/ZN/7XXYLJJdsQTDPO79oZFkNnTsK9q9FED8YGEpN7KyeE7g1bVeFATMdEfhze
<br>
t39Xb6RTFPMwPudID1rQTmAsrPJ315ihgja/66UM3oW9eEXbXXAEIFZPbXp6+b3d
<br>
fJU0f0KL8tAWpqMajh+1ztzWJBfeR60P4/QqT3X4lLBFacP4g7ON7i91e3Rx184=
<br>
=ddwE
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</div>
_______________________________________________<br>
Password-Store mailing list<br>
<a href="mailto:Password-Store@lists.zx2c4.com" target="_blank">Password-Store@lists.zx2c4.com</a><br>
<a href="http://lists.zx2c4.com/mailman/listinfo/password-store" rel="noreferrer" target="_blank">http://lists.zx2c4.com/mailman/listinfo/password-store</a><br>
</blockquote></div>