Assuming this code works, what is wrong with the functionality from a security and crypto perspective?
# This program encrypts and decrypts messages at the command line.
# It runs setuid root, so that it can be used by users without giving
# them access to the (root-owned) secret encryption key.
require 'openssl'

cipher = OpenSSL::Cipher.new('aes-256-ecb')
puts "Usage: #{$0} [encrypt|decrypt] "
input = File.open(ARGV.shift)
output = File.open(OUTPUT_FILE, "w")
input.each_line do |l|
  output.write(cipher << l)
end
Here are a few hints…
I found 4 crypto-related problems and one security/privilege escalation issue.
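The following is an added example, not part of the original post or its program. It shows two properties of the `aes-256-ecb` mode named in the listing (equal plaintext blocks give equal ciphertext blocks, and reordered ciphertext still decrypts), next to AES-256-GCM, which is chosen here as a contrasting authenticated mode. The key, the plaintext and all helper names are constructed for the demonstration.

```ruby
require 'openssl'

KEY = OpenSSL::Random.random_bytes(32)  # throwaway demo key (constructed)
PLAINTEXT = 'A' * 32 + 'B' * 16         # constructed: blocks 0 and 1 are identical

# One ECB pass with the cipher from the listing; mode is :encrypt or :decrypt.
def ecb(mode, key, data)
  c = OpenSSL::Cipher.new('aes-256-ecb').public_send(mode)
  c.key = key
  c.update(data) + c.final
end

# Split a byte string into 16-byte AES blocks.
def blocks(bytes)
  bytes.bytes.each_slice(16).map { |s| s.pack('C*') }
end

# Number of distinct ciphertext blocks that occur more than once.
def repeated_blocks(ct)
  blocks(ct).group_by(&:itself).count { |_, same| same.size > 1 }
end

# Reorder ciphertext without knowing the key: swap blocks 0 and 2.
def swap_blocks(ct)
  b = blocks(ct)
  b[0], b[2] = b[2], b[0]
  b.join
end

# Authenticated encryption: fresh random nonce per message, tag over the ciphertext.
def gcm_encrypt(key, data)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  iv = c.random_iv
  c.auth_data = ''
  [iv, c.update(data) + c.final, c.auth_tag]
end

# Raises OpenSSL::Cipher::CipherError if ciphertext or tag was modified.
def gcm_decrypt(key, iv, ct, tag)
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = iv
  d.auth_tag = tag
  d.auth_data = ''
  d.update(ct) + d.final
end

ct = ecb(:encrypt, KEY, PLAINTEXT)
puts "ECB repeated blocks: #{repeated_blocks(ct)}"
puts "ECB after block swap: #{ecb(:decrypt, KEY, swap_blocks(ct))}"
```

Under ECB the swapped ciphertext decrypts cleanly to reordered plaintext, while `gcm_decrypt` rejects the same modification.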