lib/44075: libnetpgp: limit the number of passphrase prompts

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/44075: libnetpgp: limit the number of passphrase prompts
From: roam%ringlet.net@localhost
Date: Tue, 9 Nov 2010 19:10:01 +0000 (UTC)

>Number:         44075
>Category:       lib
>Synopsis:       libnetpgp: limit the number of passphrase prompts
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 09 19:10:00 +0000 2010
>Originator:     Peter Pentchev
>Release:        
>Organization:
>Environment:
>Description:
There ought to be a cap on the number of times the user may enter
an invalid passphrase :)  Add to this the fact that netpgp cannot
be aborted with ^C or ^Z...
>How-To-Repeat:
Try to decrypt something, decide you don't want to do this just now, feel the 
need to switch to another terminal to 'killall netpgp' :)
>Fix:
Apply the patch at:
http://devel.ringlet.net/security/netpgp/patches/12-limit-passphrase.patch

(and yes, I'm aware that with this patch, netpgp --decrypt foo.txt.gpg with 
three wrong passphrase tries will generate an empty foo.txt; still trying to 
track this down)

Follow-Ups:
- Re: lib/44075: libnetpgp: limit the number of passphrase prompts
  - From: Alistair Crooks

Prev by Date: lib/44074: libnetpgp: fix the autodetection of armoured messages
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: lib/44074: libnetpgp: fix the autodetection of armoured messages
Next by Thread: Re: lib/44075: libnetpgp: limit the number of passphrase prompts
Indexes:

Home | Main Index | Thread Index | Old Index