From: Gustavo Barros
Newsgroups: gmane.emacs.bugs
Subject: bug#57856: 28.2; bookmark context strings in encrypted files
Date: Fri, 16 Sep 2022 08:08:25 -0300
Message-ID: <87bkrfh77i.fsf@gmail.com>
User-Agent: mu4e 1.8.10; emacs 28.2
To: 57856@debbugs.gnu.org

Hi All,

I guess this one is midway between a bug report and a feature request. I don't see that this is in any way against expected/documented behavior of involved libraries (bookmark.el, epg.el), but it is arguably a bad corner case of interaction between the two, which represents a (small) potential security issue.

Currently (Emacs 28.2), when setting a bookmark in a gpg encrypted file, part of the buffer is stored unencrypted as `front-context-string' and `rear-context-string' in the `bookmark-default-file' whenever `bookmark-search-size' is larger than 0, which by default is 16.

It could be argued that it is unwise to set a bookmark in this context. But, well, users do all kinds of stuff. Besides, Emacs provides no hint that this may be risky (as far as I can tell). So it would be nice if Emacs would be a little more conservative here, and locally set `bookmark-search-size' to 0 in buffers visiting encrypted files.

I think it'd be overkill to provide a full reproduction recipe, since most of it would just be to set up environment (key etc.) for GPG. But anyone who already has a setup and an encrypted file can reproduce the following simple steps (which I have tested in an .org.gpg file with `emacs -Q'):

1. Visit the encrypted file.
2. Set a bookmark with `bookmark-set' ("C-x r m") somewhere near a non-empty part of the buffer.
3. Save bookmarks with `bookmark-save'.
4. Inspect `bookmark-default-file' (by default "~/.emacs.d/bookmarks"), particularly `front-context-string' and `rear-context-string' of the pertinent bookmark, to find part of the original encrypted file stored there unencrypted.

Best regards,
Gustavo.

In GNU Emacs 28.2 (build 2, x86_64-pc-linux-gnu, GTK+ Version 3.24.20, cairo version 1.16.0) of 2022-09-12 built on gusbrs-laptop
Windowing system distributor 'The X.Org Foundation', version 11.0.12013000
System Description: Linux Mint 20.3

Configured using:
 'configure --with-mailutils --with-xwidgets --with-native-compilation --without-compress-install'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NATIVE_COMP NOTIFY INOTIFY PDUMPER PNG RSVG SECCOMP SOUND THREADS TIFF TOOLKIT_SCROLL_BARS X11 XDBE XIM XPM XWIDGETS GTK3 ZLIB

Important settings:
  value of $LC_MONETARY: pt_BR.UTF-8
  value of $LC_NUMERIC: pt_BR.UTF-8
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  indent-tabs-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.