From: "Stephen J. Turnbull"
To: Ted Zlatanov
Cc: emacs-devel@gnu.org
Newsgroups: gmane.emacs.devel
Subject: secret strings (was: lexbind: how to replace lexical-let approach to hide secrets)
Date: Fri, 01 Apr 2011 14:52:05 +0900
Message-ID: <87hbaia58a.fsf@uwakimon.sk.tsukuba.ac.jp>
In-Reply-To: <87ei5moa61.fsf_-_@lifelogs.com>

Ted Zlatanov writes:

> SJT> In the end it's up to the application to manage these secrets.
>
> I strongly disagree that the consumer should have to wipe secrets when
> done with them.  That simply shifts the burden of managing secrets
> without easing it.

(defmacro with-secret-strings (variable-list &rest body)
  ;; VARIABLE-LIST is an unevaluated list of variable names, so build
  ;; the list of their values at run time before wiping each one.
  `(unwind-protect
       (progn ,@body)
     (mapc #'wipe-secret-string (list ,@variable-list))))

Was that so hard?

> Obviously data has to come from somewhere.  It can come from the
> environment and from files and from IPC and from process pipes.  Emacs
> can provide functions that read directly from those sources into a
> secret string.

Sure.  One for every such source ....

> Hiding secrets from backtraces and printing is another matter.  That we
> can do with `lexical-let' or the approach Stefan showed so I think it's
> a solved problem.  I've changed the subject to reflect we're discussing
> "secret strings" now, though the name is not very good.

Well, I don't care about the name, but I don't see a use case where the
users are really protected.
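
The unwind-protect pattern from the message above, as an added Emacs Lisp example that is not part of the original post or of Emacs itself. The names `my-wipe-secret-string`, `my-with-secret-strings` and `my-demo` are hypothetical, the wipe is assumed to be done with the built-in `clear-string`, and the sample secret is constructed.

```elisp
;; Added example. All `my-' names are hypothetical, not an Emacs API.

(defun my-wipe-secret-string (s)
  "Overwrite the contents of string S in place; ignore non-strings."
  (when (stringp s)
    ;; `clear-string' is built in: it zero-fills the string's bytes.
    (clear-string s)))

(defmacro my-with-secret-strings (variables &rest body)
  "Run BODY, then wipe the strings bound to VARIABLES.
VARIABLES is an unevaluated list of variable names.  The wipe runs
on normal return and on any non-local exit (error, throw, quit)."
  (declare (indent 1))
  `(unwind-protect
       (progn ,@body)
     (mapc #'my-wipe-secret-string (list ,@variables))))

(defun my-demo ()
  "Return a list (WIPED-P COPY-SURVIVES-P).
WIPED-P is non-nil if the original string no longer holds the secret
after the body signalled an error.  COPY-SURVIVES-P is non-nil if a
copy made inside the body still holds it."
  (let ((pw (copy-sequence "hunter2"))   ; constructed sample secret
        (copy nil))
    (condition-case nil
        (my-with-secret-strings (pw)
          ;; A consumer that builds a new string from the secret.
          ;; The macro knows nothing about this second object.
          (setq copy (concat "pass=" pw))
          (error "Simulated failure before normal return"))
      (error nil))
    (list (not (string-match-p "hunter2" pw))
          (and (string-match-p "hunter2" copy) t))))
```

Evaluating `(my-demo)` shows that the wipe runs even though the body signalled an error, and that the string built with `concat` still holds the secret: the macro only protects the string objects it is told about.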