unofficial mirror of emacs-devel@gnu.org 
From: Chong Yidong <cyd@stupidchicken.com>
To: rms@gnu.org
Cc: wilde@sha-bang.de, Werner Koch <wk@gnupg.org>,
	miles@gnu.org, ueno@unixuser.org, emacs-devel@gnu.org
Subject: Re: Fix needed for communication with gpg-agent
Date: Fri, 23 Feb 2007 18:03:59 -0500
Message-ID: <87hctccw80.fsf@stupidchicken.com>
In-Reply-To: <E1HKibf-0000l6-Us@fencepost.gnu.org> (Richard Stallman's message of "Fri, 23 Feb 2007 17:09:35 -0500")

Richard Stallman <rms@gnu.org> writes:

>     This and for non-X one could suggest to use screen and start gpg-agent
>     using the option
>
>      --keep-tty
>
>       Ignore requests to change the current @code{tty} respective the X
>       window system's @code{DISPLAY} variable.  This is useful to lock the
>       pinentry to pop up at the @code{tty} or display you started the agent.
>
>     on a different tty than Emacs.  I know that at least one hacker is
>     using it this way.
>
> That is not an acceptable solution because it calls on the user to
> do something very unusual merely in order to be able to use gpg.

This unusual approach is only needed if the user wants to use gpg-agent
on the console.

As I've pointed out, the way PGG communicates with gpg is quite
secure, since it is done using a pty instead of a tempfile.  The two
drawbacks to entering the passphrase through PGG are that (a) Emacs is
more complicated than pinentry, so it may be more probable that Emacs
contains an exploitable bug than pinentry, and (b) your cached
passphrase might be recoverable by someone else who uses your console
when you step away.

Note that in case (b), you're screwed anyway: once a malicious
attacker has access to your console, he can install such nastier
attacks (keyboard sniffers, etc.) that Emacs/PGG may be the least of
your worries.

So we're left with reason (a).  I think it is sufficient to recommend
using gpg-agent under X; if the user does not want to use X, we can
say to either (i) use PGG's Elisp passphrase caching, and explain how
it's not necessarily the best thing to do because Emacs code may
harbor bugs (though we're not currently aware of any), or (ii) use the
above unusual setup if he wants to use gpg-agent.
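The property the message credits PGG with (the passphrase reaches gpg over a descriptor and never touches a temporary file on disk) can be shown in a few lines. The script below is an added example, not code from this thread or from Emacs/PGG: it uses an anonymous pipe rather than PGG's pty, which gives the same "nothing on disk" guarantee, and advertises the descriptor with gpg's real `--passphrase-fd N` convention. The child process is a constructed stand-in for gpg so the script runs offline; it reads the descriptor and reports a SHA-256 of what arrived rather than the passphrase itself. The sample passphrase is made up.

```python
"""Pass a passphrase to a child over an inherited pipe, not a tempfile.

Added example; the stand-in child below replaces gpg so it runs offline.
"""
import hashlib
import os
import subprocess
import sys


def run_with_secret_fd(argv, secret):
    """Run `argv` with `secret` readable on an inherited pipe descriptor.

    The child is told which descriptor to read through the gpg-style
    '--passphrase-fd N' option.  The secret lives only in the kernel pipe
    buffer: no file is created, and because subprocess closes every other
    non-standard descriptor in the child (close_fds defaults to True),
    only this one process can read it.  Returns (exit status, stdout).
    """
    read_end, write_end = os.pipe()          # both non-inheritable by default
    try:
        proc = subprocess.Popen(
            argv + ["--passphrase-fd", str(read_end)],
            stdout=subprocess.PIPE,
            pass_fds=(read_end,),            # inherit the read end only
        )
    except Exception:
        os.close(read_end)
        os.close(write_end)
        raise
    os.close(read_end)                       # parent keeps only the write end
    try:
        # A passphrase is far shorter than the pipe buffer, so this write
        # completes even if the child has not started reading yet.
        os.write(write_end, secret)
    finally:
        os.close(write_end)                  # child sees EOF after the secret
    out, _ = proc.communicate()
    return proc.returncode, out


# Stand-in for gpg (constructed for this example): read the passphrase from
# the advertised descriptor until EOF and print a SHA-256 of it, never the
# passphrase itself.
STAND_IN_GPG = [
    sys.executable, "-c",
    "import hashlib, os, sys\n"
    "fd = int(sys.argv[sys.argv.index('--passphrase-fd') + 1])\n"
    "data = b''\n"
    "while True:\n"
    "    chunk = os.read(fd, 4096)\n"
    "    if not chunk:\n"
    "        break\n"
    "    data += chunk\n"
    "print(hashlib.sha256(data).hexdigest())\n",
]


def verify_delivery(secret):
    """Return True if the child received exactly `secret` over the pipe."""
    status, out = run_with_secret_fd(STAND_IN_GPG, secret)
    return status == 0 and out.strip().decode() == hashlib.sha256(secret).hexdigest()


if __name__ == "__main__":
    # Made-up passphrase; nothing is written to the filesystem.
    print(verify_delivery(b"correct horse battery staple"))
```

With real gpg the call would be `run_with_secret_fd(["gpg", "--batch", "--decrypt", "msg.gpg"], passphrase)`; `--batch` and `--passphrase-fd` are documented gpg options. Note that GnuPG 2.1 and later route passphrases through gpg-agent and need `--pinentry-mode loopback` for `--passphrase-fd` to be honoured. A tempfile-based scheme, by contrast, leaves the passphrase on disk until it is unlinked (and in freed blocks or backups afterwards), which is the weakness the message's pty argument avoids.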
