On Mon, Jul 16, 2018 at 03:14:20PM +0200, Dashamir Hoxha wrote:
> > ++ mktemp -d /dev/shm/pw.sh.XXXXXXXXXXXXX
> > + WORKDIR=/dev/shm/pw.sh.JHasAYH9zwYz1
> > [...]
> > + decrypt /home/pkern/.pw/pw.tgz
> > + local archive=/home/pkern/.pw/pw.tgz
> > + local 'opts=--quiet --yes --batch '
> > + [[ -z '' ]]
> > + gpg2 --quiet --yes --batch --passphrase-fd 0 /home/pkern/.pw/pw.tgz.gpg
> > + local err=0
> > + [[ 0 -ne 0 ]]
> > + tar -xzf /home/pkern/.pw/pw.tgz -C /dev/shm/pw.sh.JHasAYH9zwYz1
> > + rm -f /home/pkern/.pw/pw.tgz
> >
>
> So, you have not looked at the code trying to follow the logic.
> You have just tried to debug it. This way you cannot get the full picture.
> But nevertheless it is useful for finding ways to break the script.
> By the way, you may notice that *there is* error checking there.
>
> This clearly writes the unencrypted tarball out to disk.
> >
>
> It writes to `/dev/shm` which is not disk.
So /home/pkern/.pw/pw.tgz is not "the unencrypted tarball"?
> All this happens almost instantly, it never stays unencrypted
> for a long time.
This is just wrong.
--
WBR, wRAR