NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

lib/44075: libnetpgp: limit the number of passphrase prompts



>Number:         44075
>Category:       lib
>Synopsis:       libnetpgp: limit the number of passphrase prompts
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 09 19:10:00 +0000 2010
>Originator:     Peter Pentchev
>Release:        
>Organization:
>Environment:
>Description:
There ought to be a cap on the number of times the user may enter
an invalid passphrase :)  Add to this the fact that netpgp cannot
be aborted with ^C or ^Z...
>How-To-Repeat:
Try to decrypt something, decide you don't want to do this just now, feel the 
need to switch to another terminal to 'killall netpgp' :)
>Fix:
Apply the patch at:
http://devel.ringlet.net/security/netpgp/patches/12-limit-passphrase.patch

(and yes, I'm aware that with this patch, netpgp --decrypt foo.txt.gpg with 
three wrong passphrase tries will generate an empty foo.txt; still trying to 
track this down)



Home | Main Index | Thread Index | Old Index