
ykchalresp: get challenge from env variable

Open crepererum opened this issue 10 years ago • 5 comments

Reading a secure challenge from command line arguments isn't safe, because other users and processes are able to read them. Environment variables are considered to be safe on most Linux systems. So it would be great if ykchalresp would be able to read a challenge from an environment variable (e.g. YKCHAL) instead.

crepererum avatar Sep 28 '14 14:09 crepererum

Any thoughts on this @klali ?

Looking at ykchalresp.c it should be trivial to add.

thorduri avatar Sep 30 '16 09:09 thorduri

Yeah, it should be fairly easy to add. In #73 we added support for reading the challenge from a file (or STDIN). Maybe that solves the same use case?

klali avatar Sep 30 '16 09:09 klali

@klali Not really.

I'm a fan of the trifecta of options being available from the command line, environment and config files.

So unless there are objections, I'll whip up a patch to read the challenge from YKCHAL.

thorduri avatar Sep 30 '16 09:09 thorduri

No objections at all.

klali avatar Sep 30 '16 09:09 klali

> Environment variables are considered to be safe on most Linux systems.

Environment variables definitely aren't considered safe for storing secrets as they leak as easily as command args, i.e. with `ps ewwax`. I advise not introducing new options that may work as a footgun for inexperienced users. Using stdin should be the safe approach.

@klali

Vincent43 avatar Oct 23 '20 21:10 Vincent43
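
The three input channels discussed in this thread can be compared directly. The following is an added example, not part of the original thread or of the yubikey-personalization code: it starts a child process that receives a constructed secret via argv, via the `YKCHAL` environment variable, or via stdin, and reports whether the value shows up in the child's `/proc` entries. It assumes Linux with `/proc` mounted; the child is a hypothetical stand-in for a tool such as ykchalresp.

```python
import os
import subprocess
import sys

SECRET = "constructed-challenge-0123"  # constructed sample value, not a real challenge

# Hypothetical stand-in for a tool such as ykchalresp: reads one line from
# stdin, reports readiness, then stays alive until stdin is closed.
CHILD = "import sys; sys.stdin.readline(); print('ready', flush=True); sys.stdin.read()"


def proc_text(pid, name):
    """Return /proc/<pid>/<name> with NUL separators turned into spaces."""
    with open(f"/proc/{pid}/{name}", "rb") as f:
        return f.read().replace(b"\0", b" ").decode(errors="replace")


def exposure(channel):
    """Pass SECRET to a child via argv, env or stdin; report where /proc shows it."""
    argv = [sys.executable, "-c", CHILD]
    env = dict(os.environ)
    first_line = "\n"
    if channel == "argv":
        argv.append(SECRET)
    elif channel == "env":
        env["YKCHAL"] = SECRET  # variable name proposed in the issue
    elif channel == "stdin":
        first_line = SECRET + "\n"
    else:
        raise ValueError(f"unknown channel: {channel}")
    with subprocess.Popen(argv, env=env, stdin=subprocess.PIPE,
                          stdout=subprocess.PIPE, text=True) as child:
        child.stdin.write(first_line)
        child.stdin.flush()
        child.stdout.readline()  # wait until the child has consumed its input
        # Inspected as the same user that started the child.
        return {
            "cmdline": SECRET in proc_text(child.pid, "cmdline"),
            "environ": SECRET in proc_text(child.pid, "environ"),
        }


if __name__ == "__main__":
    for channel in ("argv", "env", "stdin"):
        print(channel, exposure(channel))
```
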