[pass] plain-text in edit mode [Was: Re: pass freebsd hack?]

Jason A. Donenfeld Jason at zx2c4.com
Sun Apr 13 16:57:17 CEST 2014


On Sun, Apr 13, 2014 at 1:50 PM, Job Snijders <job at instituut.net> wrote:
>
> I've also noticed that passwords are available in plain-text while in
> 'edit'-mode on a temporary mounted filesystem. Do you have plans to
> change this design and keep it strictly in memory, only accessible by
> the 'pass' program?
>

These plain-text files only exist in tmpfs or equivalent so that
they're never written to disk. Further, the umask should ensure that
these files are not readable by any other users on the system. To
date, we've seen this as a necessary design for allowing pass files to
be editable in a text editor. Even vim's gpg plugin makes use of
temporary files (afaik). But, if you have a better design
consideration, please do let the list (CC'd) know.

Jason
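
The design described in the reply above (plaintext kept on tmpfs, with the umask keeping other users out), as an added shell example that is not pass's own code and not part of the original message. The function names and the `edit-demo` prefix are hypothetical, and the filesystem detection assumes Linux `/proc/mounts`.

```shell
#!/usr/bin/env bash
# Added illustration, not pass's implementation. All names are hypothetical.

# Print the filesystem type backing directory $1 (Linux: reads /proc/mounts).
fs_type_of() {
    local dir
    dir=$(cd "$1" && pwd -P) || return 1
    awk -v d="$dir" '
        { m = $2
          # keep the longest mount point that is a prefix of d
          if (m == "/" || d == m || index(d, m "/") == 1)
              if (length(m) >= best) { best = length(m); t = $3 } }
        END { print t }' /proc/mounts
}

# Choose a RAM-backed base directory; warn when none is available.
pick_base() {
    if [ -d /dev/shm ] && [ -w /dev/shm ] && [ "$(fs_type_of /dev/shm)" = tmpfs ]; then
        echo /dev/shm
    else
        echo "warning: no tmpfs at /dev/shm; plaintext may reach disk" >&2
        echo "${TMPDIR:-/tmp}"
    fi
}

# Create a private scratch directory under $1 and print its path.
# The umask is set in a subshell so the caller's umask is left alone.
make_private_dir() {
    ( umask 077 && mktemp -d "$1/edit-demo.XXXXXXXXXX" )
}

# First ten characters of ls -l output, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Write a constructed sample secret, report directory and file modes, clean up.
demo() {
    local base dir file
    base=$(pick_base)
    dir=$(make_private_dir "$base") || return 1
    file="$dir/secret.txt"
    ( umask 077 && printf 'constructed-sample-password\n' > "$file" )
    printf '%s %s\n' "$(mode_of "$dir")" "$(mode_of "$file")"
    rm -rf "$dir"
}
```

Calling `demo` prints the directory and file mode strings; the file mode depends on the umask in effect when the file is created, which is why it is set before the write.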

