Davide Pucci
2017-11-17 09:51:19 UTC
Hi all.
I'm Davide Pucci, systems engineer and developer at I-Node S.r.l..
I got in contact with VPNC source code as I needed to make it read and load connection credentials via command line, obfuscating them in ps - or similar - process view.
So, I wrote a patch that:
1. firstly allow the group secret and the user password to be passed in command line in argv
2. secondly, included a new field in config_name_s struct to include an integer needsEncryption field, passed in config_names array, to trigger eventual obfuscation of field in process argv
3. finally, in argument parsing phase, if a field asks for encryption (obfuscation) via needsEncryption field, I populate the config value pointer with a new one, referencing a new memory location containing the original argv[i] pointing value, and replace argv[i] pointing value with a random string.
The full patch is sent as attachment.
I'm writing this just to know if there's a way to officially ask for this to be included in mainstream branch.
Waiting for any feedback.
Regards,
Davide Pucci.
**********
Davide Pucci
Systems and Software Engineer
Mob: +39 348 923 7278
Tel: +39 06 5960 2069
Fax: +39 06 5960 6185
Email: ***@i-node.it
I-node s.r.l.
We build you® .biz
Via Laurentina, 86 - 00142 Roma (RM)
Twitter: http://www.twitter.com/i_node
Sito Web: http://www.i-node.it
I'm Davide Pucci, systems engineer and developer at I-Node S.r.l..
I got in contact with VPNC source code as I needed to make it read and load connection credentials via command line, obfuscating them in ps - or similar - process view.
So, I wrote a patch that:
1. firstly allow the group secret and the user password to be passed in command line in argv
2. secondly, included a new field in config_name_s struct to include an integer needsEncryption field, passed in config_names array, to trigger eventual obfuscation of field in process argv
3. finally, in argument parsing phase, if a field asks for encryption (obfuscation) via needsEncryption field, I populate the config value pointer with a new one, referencing a new memory location containing the original argv[i] pointing value, and replace argv[i] pointing value with a random string.
The full patch is sent as attachment.
I'm writing this just to know if there's a way to officially ask for this to be included in mainstream branch.
Waiting for any feedback.
Regards,
Davide Pucci.
**********
Davide Pucci
Systems and Software Engineer
Mob: +39 348 923 7278
Tel: +39 06 5960 2069
Fax: +39 06 5960 6185
Email: ***@i-node.it
I-node s.r.l.
We build you® .biz
Via Laurentina, 86 - 00142 Roma (RM)
Twitter: http://www.twitter.com/i_node
Sito Web: http://www.i-node.it