[PATCH] Unused file .gpg at password-store path: bug

Marcelo Akira marcelo.akira at gmail.com
Wed Sep 12 20:57:46 CEST 2018 

Em qua, 12 de set de 2018 às 04:23, Flitter, Lars <
password-store at larsflitter.de> escreveu:

> this way you allow to pass generate a .gpg file that pass will never be
> able to read again.
>

I only used 'pass generate' as an example to reproduced this bug. I
sincerely don't know how a .gpg file was created in ~/.password-store.

>
> Instead of fixing the symptom I suggest to fix the cause: Change generate
> to not create .gpg files without a basename.
>
Indeed  a .gpg file in ~/.password-store is not usual. But something
unprevisible happened and I think the software should be 'fault tolerant',
reacting normally when abnormality happen. If I knew all the situations
that created this unused file, I could securily fix only the cause(s). So,
'fix the symptom' seems not to be a bad idea, I think.

Cheers,
> Lars
>
> On 12.09.2018 03:45, Marcelo Akira wrote:
>
> Hi,
>
> I accidentally created an unused file .gpg at password-store path and
> since command 'pass list' not worked anymore.
>
> You can reproduce this bug with this commands:
>
> $ pass generate ''
> The generated password for  is:
> hE+>?(yHpYah2EIH\D2,j=z&t
> $ ls -la ~/.password-store/.gpg
> -rw------- 1 akira akira 348 set 11 22:32 /home/akira/.password-store/.gpg
> $ pass list
> hE+>?(yHpYah2EIH\D2,j=z&t
>
> To prevent this, pass could ignore the file (~/.password-store/.gpg):
>
> diff --git a/src/password-store.sh b/src/password-store.sh
> index d89d455..3fac380 100755
> --- a/src/password-store.sh
> +++ b/src/password-store.sh
> @@ -363,7 +363,7 @@ cmd_show() {
>         local path="$1"
>         local passfile="$PREFIX/$path.gpg"
>         check_sneaky_paths "$path"
> -       if [[ -f $passfile ]]; then
> +       if [[ -f $passfile ]] && ! [[ -z $path ]]; then
>                 if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then
>                         pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" |
> $BASE64)" || exit $?
>                         echo "$pass" | $BASE64 -d
>
> Thanks,
> --
> Marcelo Akira Inuzuka
>
>
> _______________________________________________
> Password-Store mailing listPassword-Store at lists.zx2c4.comhttps://lists.zx2c4.com/mailman/listinfo/password-store
>
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>


-- 
Marcelo Akira Inuzuka
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20180912/b8168c7f/attachment-0001.html>

More information about the Password-Store mailing list