From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Chong Yidong Newsgroups: gmane.emacs.devel Subject: Re: Fix needed for communication with gpg-agent Date: Sun, 25 Feb 2007 14:32:16 -0500 Message-ID: <87bqjivxrz.fsf@stupidchicken.com> References: <87irdzs6pp.fsf@stupidchicken.com> <87fy91g1pl.fsf@catnip.gol.com> <87wt2dk2rv.fsf@stupidchicken.com> <873b4yt7xx.fsf@stupidchicken.com> <87ps82ukz8.fsf@wheatstone.g10code.de> <87slcynii0.fsf@stupidchicken.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1172432005 24372 80.91.229.12 (25 Feb 2007 19:33:25 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sun, 25 Feb 2007 19:33:25 +0000 (UTC) Cc: Sascha Wilde , wk@gnupg.org, miles@gnu.org, ueno@unixuser.org, emacs-devel@gnu.org To: rms@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Feb 25 20:33:18 2007 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1HLP7V-0006M4-Ts for ged-emacs-devel@m.gmane.org; Sun, 25 Feb 2007 20:33:18 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HLP7V-0002PJ-UQ for ged-emacs-devel@m.gmane.org; Sun, 25 Feb 2007 14:33:17 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HLP70-0002I1-BL for emacs-devel@gnu.org; Sun, 25 Feb 2007 14:32:46 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HLP6z-0002Hk-QF for emacs-devel@gnu.org; Sun, 25 Feb 2007 14:32:45 -0500 Original-Received: from south-station-annex.mit.edu ([18.72.1.2]) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HLP6z-0003fo-8K; Sun, 25 Feb 2007 14:32:45 -0500 Original-Received: from grand-central-station.mit.edu (GRAND-CENTRAL-STATION.MIT.EDU [18.7.21.82]) by south-station-annex.mit.edu (8.13.6/8.9.2) with ESMTP id l1PJWgfa018877; Sun, 25 Feb 2007 14:32:43 -0500 (EST) Original-Received: from outgoing-legacy.mit.edu (OUTGOING-LEGACY.MIT.EDU [18.7.22.104]) by grand-central-station.mit.edu (8.13.6/8.9.2) with ESMTP id l1PJWQB2023340; Sun, 25 Feb 2007 14:32:27 -0500 (EST) Original-Received: from localhost (SYDNEYPACIFIC-FORTY.MIT.EDU [18.95.5.40]) ) by outgoing-legacy.mit.edu (8.13.6/8.12.4) with ESMTP id l1PJWHGB025537; Sun, 25 Feb 2007 14:32:17 -0500 (EST) Original-Received: from cyd by localhost with local (Exim 3.36 #1 (Debian)) id 1HLP6W-0000e0-00; Sun, 25 Feb 2007 14:32:16 -0500 In-Reply-To: (Richard Stallman's message of "Sat\, 24 Feb 2007 23\:06\:16 -0500") User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.94 (gnu/linux) X-Scanned-By: MIMEDefang 2.42 X-Spam-Score: -2.599 X-detected-kernel: Solaris 9.1 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:66801 Archived-At: Richard Stallman writes: > But there are still some more subtle security problems left, which > IIRC were discussed in the original thread, too: If emacs caches the > passphrase there is no way to protect the passphrase from being > written to swap, when the system decides to swap out parts of emacs. > > If we turn off caching of the passphrase in Emacs, does this problem > go away? Not really. The risk here occurs when you have a password stored in cleartext in memory (for example, it is stored in the Lisp string just before we are about to send it to gpg). If memory get written to the swap file, it can be read by root. This is arguably a security hole because it makes it too easy for root to find people's passwords (granted, root can easily steal passwords anyway, but it arguably shouldn't be *this* easy.) But if you are concerned enough about root stealing your passwords in this way, you wouldn't mind running in X or performing the other workarounds that exist for that problem.