
Re: [ANNOUNCE] experimental dpkg available



On Wed, 27 Oct 1999, Ben Collins wrote:

> It probably would, which isn't all that insecure. Question is, someone
> needs to do it and send the patch to GPG. The alternative is gpg accepts a
> --fd-??? option that lets you tell it which fd to check for the
> passphrase, a forked process could then feed it to that fd repeatedly
> until killed.

GPG has something called 'co-process' support; basically the password
prompting program (i.e. your dpkg thingy) invokes gpg with a locked shared
memory segment that is used to transfer the password and other sensitive
type data. There is a library floating around that implements the
client-side stuff for co-processes, I suspect it is the proper thing to use
for this.

Alternatively you can use the slightly less secure --passphrase-fd <n>
option.

Jason
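
The `--passphrase-fd <n>` approach mentioned above, sketched as an added example that is not part of the original message and not dpkg or GnuPG code: the caller hands gpg the passphrase over a private pipe so it never appears in argv or the environment. The helper names and the passphrase are constructed for illustration, and the `__main__` part assumes a default secret key in the keyring.

```python
import os
import subprocess
import sys


def gpg_sign_argv(fd):
    """gpg command line that reads the passphrase from inherited descriptor `fd`."""
    return [
        "gpg", "--batch",
        # GnuPG 2.1+ only honours --passphrase-fd in loopback pinentry mode.
        "--pinentry-mode", "loopback",
        "--passphrase-fd", str(fd),
        "--armor", "--detach-sign",   # data on stdin, signature on stdout
    ]


def run_with_passphrase_fd(build_argv, passphrase, data=b""):
    """Run a child and hand it `passphrase` (bytes) over a private pipe.

    The secret is not placed in argv or the environment, so it does not
    show up in `ps` output or /proc/<pid>/cmdline.
    """
    if b"\n" in passphrase:
        raise ValueError("passphrase must be a single line")
    r, w = os.pipe()
    try:
        # A passphrase is far smaller than the pipe buffer, so writing it
        # before the child exists cannot block.
        os.write(w, passphrase + b"\n")
    finally:
        os.close(w)          # the child sees EOF after the one line
    try:
        proc = subprocess.Popen(
            build_argv(r),
            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            pass_fds=(r,),   # only this extra descriptor is inherited
        )
    finally:
        os.close(r)          # parent keeps no copy of the read end
    out, err = proc.communicate(data)
    return proc.returncode, out, err


if __name__ == "__main__":
    # Constructed passphrase; replace with one read from a prompt.
    rc, sig, err = run_with_passphrase_fd(
        gpg_sign_argv, b"constructed-passphrase", b"hello\n")
    sys.stdout.write(sig.decode() if rc == 0 else err.decode())
```

Any process running as the same user can still read the descriptor through /proc while the child holds it open, which is the sense in which this is weaker than the shared-memory co-process interface.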

