PGP Command Line producing random temp files when input filesystem is different than output filesystem causing hanging behavior

book

Article ID: 162295

calendar_today

Updated On:

Products

PGP Command Line

Issue/Introduction

PGP Command Line producing random temp files when input filesystem is different than output filesystem.  For example, if a file that needs to be decrypted resides in c:\pgp-encryption and upon successful decryption the output needs to reside in d:\decrypted-folder, this can cause random files to be left behind in the c:\ filesystem.  This typically happens using multi-threaded operations with the PGP Commands.  Another condition which must be met to produce this is if the commands being run are multithreaded, which increases the load of commands being performed, and increases the chances of this happen. 

If these random temporary files are not cleaned up, the accumulation can cause subsequent PGP commands to hang, which could cause further processing of encryption\decryption to fail completion.  It has been observed that roughly 500-1000 of these random files left in the directory can cause this hanging behavior.

 

Cause

This scenario only happens when traversing filesystems as well as multithreaded commands being run.

Resolution

Symantec Development has resolved the behavior such that the hanging will not occur any longer during these routines.  To resolve this issue, please upgrade to PGP Command Line 10.3.2 MP11.

Workaround 1:

Adding "--temp-cleanup remove" to the encryption\decryption routines can bypass the hanging behavior.  In addition to this, incorporating manual cleanups of these random temporary files can allow further PGP commands to complete.  Using "--temp-cleanup remove" has some security considerations to keep in mind, as this bypasses the secure wipe that is performed on the files.  In a very busy environment, this data would eventually be written over, and if physical access to the server is secured, then this is less of a risk.
 

Workaround 2:

Avoiding PGP Command Line routines which traverse filesystems will also bypass this issue.  For example, if an input file resides on the C: drive, and the output is to reside on the D: drive, the file system is being traversed.  This can also happen in Linux environments in the same way.  Ensuring the input and output files reside on the same filesystem will avoid this behavior.