From: Florian Weimer <fw@deneb.enyo.de>
Cc: satyaki@chicory.stanford.edu, Reiner.Steib@gmx.de,
Daiki Ueno <ueno@unixuser.org>,
ding@gnus.org, emacs-devel@gnu.org, jas@extundo.com
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Wed, 06 Sep 2006 22:11:37 +0200 [thread overview]
Message-ID: <87ac5coiva.fsf@mid.deneb.enyo.de> (raw)
In-Reply-To: <E1GKXSp-0002f5-Gr@fencepost.gnu.org> (Richard Stallman's message of "Tue, 05 Sep 2006 05:43:27 -0400")
* Richard Stallman:
> It would probably be fairly simple to change the implementation to
> unlink the temp file _before_ writing the contents and pass only the
> still-open file-descriptor (after rewinding) to Fcall_process (or
> rather, to some common subroutine derived from Fcall_process).
>
> We would have to unlink the file before writing the contents into it.
This doesn't achieve much, I'm afraid. Even unnamed files can be
written to disk by the kernel. It's not much different from
passphrases stored in process images ending up in the swap file,
though. I'm pretty sure I looked at the situation when I wrote gpg.el
a couple of years ago, and decided that all things considered, it's
not terribly important. It's a significant PR issue, admittedly, but
back then, I didn't care about that. 8-)
As Greg suggested, the passphrase handling should be moved from Emacs
into a separate process (which may request special privileges to lock
memory regions etc.).
next prev parent reply other threads:[~2006-09-06 20:11 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <b4maca88q6i.fsf@jpl.org>
[not found] ` <def1aabc-69b9-4b1d-bb84-e65c63540eac@well-done.deisui.org>
[not found] ` <b4mmze82cse.fsf@jpl.org>
[not found] ` <b4mwtdbfqob.fsf@jpl.org>
[not found] ` <9c79059a-61a9-4fa4-8376-638753320a14@well-done.deisui.org>
[not found] ` <b4mpsj3gw1s.fsf@jpl.org>
[not found] ` <b4my7xrfg5o.fsf@jpl.org>
[not found] ` <4aaf7080-0e3d-4a75-aff5-f9d5bcd0437f@well-done.deisui.org>
[not found] ` <87fyjz2gaj.fsf@pacem.orebokech.com>
[not found] ` <v9iroj49cz.fsf@marauder.physik.uni-ulm.de>
2006-09-02 11:16 ` Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region) Reiner Steib
2006-09-02 13:16 ` Security flaw in pgg-gpg-process-region? Daiki Ueno
2006-09-02 13:49 ` Daiki Ueno
2006-09-03 15:16 ` Richard Stallman
2006-09-04 1:36 ` Daiki Ueno
2006-09-04 17:18 ` Richard Stallman
2006-09-04 17:45 ` Daiki Ueno
2006-09-04 17:48 ` David Kastrup
2006-09-05 5:06 ` Daiki Ueno
2006-09-05 15:10 ` Chong Yidong
2006-09-06 8:49 ` Richard Stallman
2006-09-06 9:25 ` Daiki Ueno
2006-09-07 6:54 ` Richard Stallman
2006-09-06 8:49 ` Richard Stallman
2006-09-03 15:16 ` Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region) Richard Stallman
2006-09-03 16:28 ` Security flaw in pgg-gpg-process-region? Florian Weimer
2006-09-04 2:04 ` Daiki Ueno
2006-09-04 2:25 ` Miles Bader
2006-09-05 9:43 ` Richard Stallman
2006-09-05 11:57 ` Daiki Ueno
2006-09-06 19:05 ` Richard Stallman
2006-09-06 19:33 ` gdt
2006-09-06 21:33 ` Miles Bader
2006-09-07 21:13 ` Richard Stallman
2006-09-19 10:02 ` Sascha Wilde
2006-09-19 22:56 ` Richard Stallman
2006-11-11 22:00 ` Sascha Wilde
2006-11-12 21:12 ` Richard Stallman
2006-11-12 21:38 ` Sascha Wilde
2006-11-13 20:15 ` Richard Stallman
2006-11-14 11:11 ` Sascha Wilde
2006-09-06 22:44 ` Daiki Ueno
2006-09-07 21:14 ` Richard Stallman
2006-09-06 20:11 ` Florian Weimer [this message]
2006-09-07 14:12 ` Chong Yidong
2006-09-07 21:13 ` Richard Stallman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ac5coiva.fsf@mid.deneb.enyo.de \
--to=fw@deneb.enyo.de \
--cc=Reiner.Steib@gmx.de \
--cc=ding@gnus.org \
--cc=emacs-devel@gnu.org \
--cc=jas@extundo.com \
--cc=satyaki@chicory.stanford.edu \
--cc=ueno@unixuser.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.