This file is indexed.

/usr/share/apache2/ask-for-passphrase is in apache2 2.4.25-3+deb9u6.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/bin/bash
#
#    ask-for-passphrase - designed to be used by SSLPassPhraseDialog exec:
#
#    Copyright Canonical, Ltd. 2010, All Rights Reserved
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

sitename=$1
keytype=$2

log="logger -p daemon.err -t apache2"

prompt="Enter passphrase for SSL/TLS keys for $sitename ($keytype):"

# Apache gives us a pipe for stdin, but we want to
# talk to apache's terminal.
tty=`tty < /proc/${PPID}/fd/0`
if [ "$tty" = "not a tty" ] ; then
	if [ -x /bin/systemd-ask-password ] ; then
		exec /bin/systemd-ask-password --timeout=0 "$prompt"
	elif [ -x /bin/plymouth ] && plymouth --ping ; then
		echo $prompt | logger
		exec plymouth ask-for-password --prompt="$prompt"
	else
		$log "No way to ask user for passphrase"
		exit 1
	fi
	$log "Passphrase prompt failed"
	exit 1
fi

# We must not print anything on stdout except the passphrase
read -s -p "$prompt" passphrase > $tty 2>&1 < $tty
echo > $tty
echo "$passphrase"