diff options
| author |  http://joeyh.name/ <http://joeyh.name/@web> | 2013-07-25 17:38:39 +0000 |
|---|---|---|
| committer |  admin <admin@branchable.com> | 2013-07-25 17:38:39 +0000 |
| commit | d71f045f32885cb2b3da9b773c12bdf17c5ffb8f (patch) | |
| tree | fac2822841119c9c4095101e0946e070928b9125 | |
| parent | 0bd171ebb86d2f426ebf69e15b1746f6ef82ceb7 (diff) | |
Added a comment
| -rw-r--r-- | doc/bugs/gpg_hangs_on_glacier_remote_creation/comment_4_6441cf25e6bd62c96d7e766da9bdd7fb._comment | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/bugs/gpg_hangs_on_glacier_remote_creation/comment_4_6441cf25e6bd62c96d7e766da9bdd7fb._comment b/doc/bugs/gpg_hangs_on_glacier_remote_creation/comment_4_6441cf25e6bd62c96d7e766da9bdd7fb._comment new file mode 100644 index 000000000..d7e278416 --- /dev/null +++ b/doc/bugs/gpg_hangs_on_glacier_remote_creation/comment_4_6441cf25e6bd62c96d7e766da9bdd7fb._comment @@ -0,0 +1,25 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + ip="2001:4978:f:21a::2" + subject="comment 4" + date="2013-07-25T17:38:38Z" + content=""" +Hmm, that strace exposes the full symmetric encryption key that git-annex has created. Thankfully, it is a single use key which will only be used for this glacier remote, so if you avoid using that remote (which is probably not usable anyway due to initremote not finishing!), the exposure won't matter. + +But, it is possible that this part is where it reads your personal gpg private key file. Hopefully the 55 bytes exposed out of the full 616 byte file are before the actual secret key data, or not enough to weaken your key. :/ + +8268 read(4, \"q\224R\236\341\264\336\23\315FTD\341\253\372\6o\206\326\376\243\326\34L\1\245;\tb\361v\\\"..., 600) = 600 +8268 read(4, \"\2548\332\257\334\237\343\354\23\224\377\377\302\264\352\21\", 16) = 16 + +It seems to be easier to social engineer people into stracing gpg and exposing data than I'd have hoped. Actually, I didn't plan to do that at all, I just wanted you to attach to gpg after this point. + +---- + +So yeah, your gpg is hanging on stdin after git-annex has sent it the \"passphrase\" (really a symmetric gpg key) on fd 3. + +The reason the directory special remote doesn't hang is because it does not use gpg to encrypt anything during the initremote process. + +I think I have a theory of what's going on with your git-annex build. It does not include the assistant, so will be built without -threaded. Using the non-threaded runtime system may be leading to a deadlock when git-annex is supposed to be simulantaneously feeding stdin to gpg and processing its stdout. I have historically had some trouble around this, and it has probably not been well tested without the threaded runtime. + +(The standalone tarball problem is due to this bug, which will hopefully be fixed soon: [[Linux_stand_alone_build_20130723_breaks_support_for_glibc_2.13_debian_stable]]) +"""]] |