pass edit leaking secrets

Adrian Larumbe aml at lrmb.eu
Sat Nov 13 01:43:16 UTC 2021


A similar thing happened to me not long ago, when I realised Emacs was saving
backups for every single password file I was editing manually after
creation. This of course left me horrified, and the ensuing round of
investigations as to how to stop it from generating backup files for my
encrypted passwords yielded no fruits at all. Not a single Google search or
asking in #emacs at libera.chat taught me how to stop this from happening.

I didn't want to get rid of the automatic backup feature altogether, because
it's saved my life quite a few times, but there seemed to be no way to tell
Emacs not to back up password files when invoked as a client through its UNIX
socket, maybe by matching filenames against a regular expression.

In the end I gave up completely, and because I didn't want to touch my $EDITOR
only for the password manager, I came up with the following wrapper, which I put
into ~/sh/pass and then added that directory to my PATH variable:

#!/usr/bin/zsh -f
# Force pass to use vim instead of the Emacs client set in $EDITOR.
export EDITOR=vim
# Quote "$@" so arguments containing spaces reach pass intact.
/usr/bin/pass "$@"

This does the trick, but making sure my old password file backups were gone for
good meant I had to overwrite all remaining disc space with 0's.

Cheers,
Adrian

On 21.07.2021 13:54, Patrik Keller wrote:
> Dear all,
> 
> it's probably no news for you, but running `pass edit secret` might leak 
> information to persistent storage if `$EDITOR` is not configured 
> properly. I got hit by this after switching from vim to neovim. The 
> latter defaults to storing swap, undo, and backup files in the user's 
> home directory [0].
> 
> My personal thoughts on this are:
> 1. Neovim should not have changed the default.
> 2. `pass edit` should warn about the potential leakage.
> 3. I want to set the password editor independent of `$EDITOR`.
> 
> I could imagine the following workflow for `pass edit`:
> 1. Prefer `$PASS_EDITOR` over `$EDITOR` over `vi`.
> 2. If `$PASS_EDITOR` is not set print a warning about the potential 
> leakage and ask for confirmation.
> 3. Proceed as before.
> 
> Do you know a better solution? Maybe one that works w/o changing pass?
> 
> Best
> Patrik
> 
> 0: https://github.com/neovim/neovim/issues/4481
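The editor-selection workflow proposed above, combined with the wrapper approach from the reply, as an added example that is not part of the thread and not pass's own code. It assumes the real binary lives at /usr/bin/pass, that PASS_EDITOR is the hypothetical variable suggested in the thread, and that vim and neovim accept the -n, -i NONE and -c flags (they do); every other editor name is passed through unchanged.

```shell
#!/bin/sh
# Added example, not pass's own code and not from the thread's authors.
# A ~/bin/pass wrapper (put its directory before /usr/bin in PATH) that
# implements the workflow proposed in the thread:
#   1. prefer $PASS_EDITOR over $EDITOR over vi   (PASS_EDITOR is hypothetical)
#   2. warn and ask for confirmation when PASS_EDITOR is not set
#   3. hand over to the real binary, assumed to live at /usr/bin/pass
# For vim and neovim it additionally passes flags that disable swap,
# viminfo/shada, backup and undo files, so "pass edit" leaves nothing behind.

# Print the editor to use: $PASS_EDITOR, else $EDITOR, else vi.
choose_pass_editor() {
    if [ -n "${PASS_EDITOR:-}" ]; then
        printf '%s\n' "$PASS_EDITOR"
    elif [ -n "${EDITOR:-}" ]; then
        printf '%s\n' "$EDITOR"
    else
        printf 'vi\n'
    fi
}

# Succeed (exit 0) when the user should be warned, i.e. the editor was
# not chosen explicitly through PASS_EDITOR.
pass_editor_needs_warning() {
    [ -z "${PASS_EDITOR:-}" ]
}

# Print an editor command line with persistence disabled for the editors
# whose flags are known here (vim, nvim); any other editor is printed as-is.
hardened_editor_cmd() {
    case "${1##*/}" in
        vim|nvim)
            # -n: no swap file; -i NONE: no viminfo/shada file;
            # -c: switch off backup and persistent undo once the file is loaded.
            printf '%s -n -i NONE -c "set nobackup nowritebackup noundofile"\n' "$1"
            ;;
        *)
            printf '%s\n' "$1"
            ;;
    esac
}

# Run "pass edit NAME": warn if needed, then exec the real pass with
# EDITOR pointing at the (hardened) editor command.
run_pass_edit() {
    editor=$(choose_pass_editor)
    if pass_editor_needs_warning; then
        printf 'pass wrapper: using "%s" from $EDITOR/default; it may leave swap, undo or backup files on disk.\n' "$editor" >&2
        printf 'pass wrapper: set PASS_EDITOR to an editor configured not to, or continue anyway? [y/N] ' >&2
        read -r answer
        case "$answer" in
            y|Y) ;;
            *) printf 'pass wrapper: aborted\n' >&2; return 1 ;;
        esac
    fi
    EDITOR=$(hardened_editor_cmd "$editor") exec /usr/bin/pass edit "$@"
}

# Entry point: only the "edit" subcommand gets the special treatment.
pass_wrapper() {
    if [ "${1:-}" = "edit" ]; then
        shift
        run_pass_edit "$@"
    else
        exec /usr/bin/pass "$@"
    fi
}

# Dispatch only when this file is invoked as the "pass" wrapper itself.
case "${0##*/}" in
    pass) pass_wrapper "$@" ;;
esac
```

Installing the file as `pass` early in PATH keeps `$EDITOR` untouched for everything else, which is the constraint the reply describes; an editor such as emacsclient still goes through unchanged, so the warning remains the only protection unless PASS_EDITOR names an editor configured not to write backups.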

