From d22cef0c2cd9862f4b3fb3e9583485df2db385be Mon Sep 17 00:00:00 2001
From: kn <kn@openbsd.org>
Date: Mon, 19 Feb 2024 13:53:03 +0000
Subject: [PATCH] Avoid passphrase in temporary file

bioctl(8) uses readpassphrase(3) RPP_REQUITE_TTY, so always pass stdin,
but only use it over TTY with -s in unattended mode.

Prodding afresh1 sthen
"much better" sthen
---
 distrib/miniroot/install.sub | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/distrib/miniroot/install.sub b/distrib/miniroot/install.sub
index c15feb93c3e..a9c72283e37 100644
--- a/distrib/miniroot/install.sub
+++ b/distrib/miniroot/install.sub
@@ -1,5 +1,5 @@
 #!/bin/ksh
-#	$OpenBSD: install.sub,v 1.1259 2024/02/11 21:56:10 kn Exp $
+#	$OpenBSD: install.sub,v 1.1260 2024/02/19 13:53:03 kn Exp $
 #
 # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
 # Copyright (c) 2015, Robert Peichaer <rpe@openbsd.org>
@@ -3123,9 +3123,7 @@ encrypt_root() {
 			;;
 		[pP]*)  $AI || break
 			ask_passphrase 'New passphrase?'
-			PASSFILE=/tmp/i/passfile
-			(umask 077 && print -r -- "$_passphrase" >$PASSFILE)
-			_args=-p$PASSFILE
+			_args=-s
 			break
 			;;
 		[nN]*)	return
@@ -3139,8 +3137,10 @@ encrypt_root() {
 	md_prep_fdisk $_chunk
 	echo 'RAID *' | disklabel -w -A -T- $_chunk
 
-	bioctl -Cforce -cC -l${_chunk}a $_args softraid0 >/dev/null
-	rm -fP $PASSFILE
+	# Standard input is ignored in interactive mode.
+	print -r -- "$_passphrase" |
+		bioctl -Cforce -cC -l${_chunk}a $_args softraid0 >/dev/null
+	unset _passphrase
 
 	# No volumes existed before asking, but we just created one.
 	ROOTDISK=$(get_softraid_volumes)
-- 
2.20.1