From: Reiner Steib <reinersteib+gmane@imap.cc>
Cc: Daiki Ueno <ueno@unixuser.org>,
Satyaki Das <satyaki@chicory.stanford.edu>,
Simon Josefsson <jas@extundo.com>
Subject: Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region)
Date: Sat, 02 Sep 2006 13:16:05 +0200
Message-ID: <v9mz9itt6y.fsf_-_@marauder.physik.uni-ulm.de>
In-Reply-To: <v9iroj49cz.fsf@marauder.physik.uni-ulm.de> (Reiner Steib's message of "Sat, 06 May 2006 14:37:48 +0200")

[ Adding emacs-devel; therefore not trimming quotes. See
<http://thread.gmane.org/gmane.emacs.devel/43396/focus=52626> for
the rest of the discussion. ]

On Sat, May 06 2006, Reiner Steib wrote:
> On Thu, Apr 27 2006, Romain Francoise wrote:
>
>> Daiki Ueno <ueno@unixuser.org> writes:
>>
>>> For example, the original PGG does not use `call-process-region' for
>>> security reason -- this function writes data to a temporary file.
>
> Did you check which versions of Emacs or XEmacs do this? (I don't
> have the C sources here ATM, so I can't check myself.)

In current Emacs CVS in fact `call-process-region' uses temp files.
Bad. I think this is a severe security problem, isn't it? I think
this should be fixed before the release.

>>> About three years ago, Gnus decided to use `call-process-region' in
>>> PGG to avoid display blinking.
>>
>> The current version of PGG in the trunk doesn't do that anymore.
>> That sounds like a good enough reason to sync that version in v5-10!
>
> Maybe we should rather revert the change introducing
> `call-process-region' [1]?

The reverted patch doesn't apply anymore. Could someone please look
for a possibility to avoid `call-process-region' in
`pgg-gpg-process-region' or suggest an alternative solution?

> Have all the problems that led us to revert pgg-gpg.el before the
> 5.10.8 release been fixed in the trunk version (or in Daiki's
> version)?
>
> Bye, Reiner.
>
> [1]
> ,----[ ChangeLog.2 ]
> | 2003-02-08 Simon Josefsson <jas@extundo.com>
> |
> | * gnus-sum.el (gnus-summary-select-article): Remove blink removal
> | code that only worked under Emacs.
> |
> | * pgg-gpg.el (pgg-gpg-process-region): Don't blink. From Satyaki
> | Das <satyaki@chicory.stanford.edu>.
> `----
>
> --- pgg-gpg.el 2 Nov 2002 04:27:00 -0000 6.8
> +++ pgg-gpg.el 8 Feb 2003 18:58:23 -0000 6.9
> @@ -59,27 +59,22 @@
> (errors-buffer pgg-errors-buffer)
> (orig-mode (default-file-modes))
> (process-connection-type nil)
> - process status exit-status)
> + exit-status)
> (with-current-buffer (get-buffer-create errors-buffer)
> (buffer-disable-undo)
> (erase-buffer))
> (unwind-protect
> (progn
> (set-default-file-modes 448)
> - (let ((coding-system-for-write 'binary))
> - (setq process
> - (apply #'start-process "*GnuPG*" errors-buffer
> - program args)))
> - (set-process-sentinel process #'ignore)
> - (when passphrase
> - (process-send-string process (concat passphrase "\n")))
> - (process-send-region process start end)
> - (process-send-eof process)
> - (while (eq 'run (process-status process))
> - (accept-process-output process 5))
> - (setq status (process-status process)
> - exit-status (process-exit-status process))
> - (delete-process process)
> + (let* ((coding-system-for-write 'binary)
> + (input (buffer-substring-no-properties start end)))
> + (with-temp-buffer
> + (when passphrase
> + (insert passphrase "\n"))
> + (insert input)
> + (setq exit-status
> + (apply #'call-process-region (point-min) (point-max) program
> + nil errors-buffer nil args))))
> (with-current-buffer (get-buffer-create output-buffer)
> (buffer-disable-undo)
> (erase-buffer)
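
Review bot: `(insert passphrase "\n")` followed by `call-process-region` over `(point-min) (point-max)` puts the passphrase and the cleartext into the region handed to `call-process-region`, which, as stated earlier in this thread, writes its input to a temporary file; the removed `process-send-string` / `process-send-region` lines fed both to the child through the process connection instead. Suggest keeping the `start-process` path for the passphrase and input and solving the blinking separately, or at minimum documenting in the function that secrets reach disk here. The `(set-default-file-modes 448)` context line narrows the permissions of newly created files but does not keep the data off disk.
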
> @@ -87,12 +82,8 @@
> (let ((coding-system-for-read 'raw-text-dos))
> (insert-file-contents output-file-name)))
> (set-buffer errors-buffer)
> - (if (memq status '(stop signal))
> - (error "%s exited abnormally: '%s'" program exit-status))
> - (if (= 127 exit-status)
> - (error "%s could not be found" program))))
> - (if (and process (eq 'run (process-status process)))
> - (interrupt-process process))
> + (if (not (equal exit-status 0))
> + (error "%s exited abnormally: '%s'" program exit-status))))
> (if (file-exists-p output-file-name)
> (delete-file output-file-name))
> (set-default-file-modes orig-mode))))
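
Review bot: the new test `(if (not (equal exit-status 0))` signals an error on every non-zero exit, while the removed lines only errored when `status` was `stop` or `signal` or when `exit-status` was 127, so a run that reports an ordinary result through a non-zero exit code now ends in "exited abnormally" instead of returning to the caller. The separate "could not be found" message for 127 is lost as well. Suggest keeping the 127 case as its own message and deciding explicitly which non-zero codes count as errors; dropping `interrupt-process` from the cleanup form is fine, since no `process` object exists after this change.
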
--
,,,
(o o)
---ooO-(_)-Ooo--- | PGP key available | http://rsteib.home.pages.de/