[1057] in linux-net channel archive
Rewrite DIP-337n-inaky to handle script file encryption
daemon@ATHENA.MIT.EDU (Raj Mathur)
Wed Sep 6 02:37:58 1995
Date: Mon, 4 Sep 95 07:26 IST(+0530)
From: raju@gratis.xgroup.ernet.in (Raj Mathur)
To: linux-net@vger.rutgers.edu
Cc: linux-apps@vger.rutgers.edu
Reply-To: raju@xgroup.ernet.in
DIP is very nice except for minor irritant -- I hate to see
unencrypted passwords lying around in script files. I agree that the
user can be prompted to enter the login and password once the
connection is made, but that won't work for an unattended shell script
or cron job. To take care of this problem I'm proposing to do a bit of
rewriting which allows DIP to handle encrypted script files, with the
pass{word,phrase} to be given once by the user (perhaps as an
environment variable). Subsequently when DIP starts up (with the new
-d option?) it uses this password to decrypt the script file and runs
it.
Going through the source code the easiest method seemed to be to
modify do_command so that it reads commands from memory rather than a
file (is anyone really worried about loading a whole script file into
memory?). Then the calling routine (main, I think) can be fixed so
that it decrypts and loads the script into memory if decryption is
required, otherwise it can just open the file and mmap it.
Some issues which have arisen out of my preliminary thoughts on this
topic are:
- Has anyobody already done this?
- Is anybody except me really interested in such a feature?
- Passing the password as an environment variable will work OK for
running DIP through an unattended shell script (give the password once
at startup). Can an equally easy method of handling it through cron
jobs be devised?
- I had envisaged PGP encryption for the script file. Is this a Good
Idea? What are the alternatives?
- (Asked earlier) Does anyone use scripts so large that loading them
completely into memory could become an issue?
Feedback welcome; flames > /dev/null.
-- Raju
--
Raj Mathur The X Group New Delhi India
PGP: Fingerprint: F2 D4 4A 21 27 B0 63 FF 15 97 9D AE 9D 40 BC B8
2.6.i Key: finger raju@arbornet.org
It is the mind that moves.
