command line safety
You take the password for oathtool on the commandline, as the first positional argument. I know that as a dangerous thing to do, because it will show up in ps and other places like /proc/*/cmdline.
I see that the very first line of code you run is
set_program_name (argv[0]);
which sounds very aggressive and right. But I tried running pgrep vs oathtool in a race to see who would win and sometimes pgrep wins, running in the time after exec() but before you run any code:
while true; do oathtool --totp abcd; done
while true; do pgrep -laf oathtool; done
22942 oathtool
32612 oathtool --totp abcd
8960 oathtool --totp abcd
24718 oathtool
30258 oathtool
5514 oathtool
22132 oathtool
26058 oathtool
351 oathtool
6278 oathtool
9960 oathtool
13657 oathtool
22880 oathtool
28403 oathtool
11140 oathtool
24035 oathtool
850 oathtool
1223 oathtool --totp abcd
8974 oathtool
12721 oathtool
21924 oathtool
(also I think setproctitle() is unreliable/non-existent on some systems, like uh, FreeBSD? I forget at the moment)
So, that's not good. It means I can use oathtool for tests and designing, but I can't plug it into my auth systems without risking an (admittedly local-only) attack exposing my keys.
:(
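The following check is an added example, not part of the original report and not oathtool code. It starts two hypothetical stand-in children (one takes the key as argv[1], one reads it from stdin) and reports whether the key appears in /proc/PID/cmdline, which is the exposure described above. It assumes Linux with /proc mounted; the key "abcd" is the sample value from the report's test command.

```python
import subprocess
import sys
import time

# Constructed sample secret, same value as in the report's test loop.
SECRET = "abcd"

# Hypothetical stand-ins for a tool that needs a key (assumptions, not oathtool):
# one takes the key as argv[1], the other reads it from stdin.
# Both sleep so the parent has time to inspect them.
ARGV_CHILD = "import sys, time; key = sys.argv[1]; time.sleep(30)"
STDIN_CHILD = "import sys, time; key = sys.stdin.readline().strip(); time.sleep(30)"


def cmdline_of(pid):
    """Return a process's argv as exposed in /proc/<pid>/cmdline (Linux)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]


def secret_visible(child_code, secret, via_stdin):
    """Start the child, hand it the secret, report whether /proc shows it."""
    argv = [sys.executable, "-c", child_code]
    if not via_stdin:
        argv.append(secret)  # the pattern the report warns about
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        if via_stdin:
            # The secret travels over a pipe and never enters the argument vector.
            proc.stdin.write(secret.encode() + b"\n")
            proc.stdin.flush()
        time.sleep(0.2)  # give the child time to start and read its input
        return secret in cmdline_of(proc.pid)
    finally:
        proc.kill()
        proc.wait()
        proc.stdin.close()


if __name__ == "__main__":
    print("key in argv  ->", secret_visible(ARGV_CHILD, SECRET, via_stdin=False))
    print("key on stdin ->", secret_visible(STDIN_CHILD, SECRET, via_stdin=True))
```

The same check can be pointed at a real wrapper before it goes into an auth path, by replacing the stand-in children with the actual invocation.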