From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Ihor Radchenko <yantar92@posteo.net>
Newsgroups: gmane.emacs.devel
Subject: Re: Storing sensitive data indefinitely in variables or buffers:
 Whether and how to fix?
Date: Wed, 31 May 2023 08:02:53 +0000
Message-ID: <87fs7dnd1u.fsf@localhost>
References: <bf0942aa-fd27-bec4-13cd-ec115a622b97@vodafonemail.de>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="38897"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: emacs-devel@gnu.org
To: Jens Schmidt <jschmidt4gnu@vodafonemail.de>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Wed May 31 10:00:01 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1q4GkT-0009uH-Ee
	for ged-emacs-devel@m.gmane-mx.org; Wed, 31 May 2023 10:00:01 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1q4GjW-0005FU-96; Wed, 31 May 2023 03:59:02 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <yantar92@posteo.net>)
 id 1q4Gj7-0005ER-R1
 for emacs-devel@gnu.org; Wed, 31 May 2023 03:58:38 -0400
Original-Received: from mout02.posteo.de ([185.67.36.66])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <yantar92@posteo.net>)
 id 1q4Gj5-00042V-Jc
 for emacs-devel@gnu.org; Wed, 31 May 2023 03:58:37 -0400
Original-Received: from submission (posteo.de [185.67.36.169]) 
 by mout02.posteo.de (Postfix) with ESMTPS id 0F98F240105
 for <emacs-devel@gnu.org>; Wed, 31 May 2023 09:58:31 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017;
 t=1685519911; bh=cfGPq/RWU0zJ83zxWC7/t24Hq8/1Q7lbG/+5ukJBRVA=;
 h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:From;
 b=EiCvQG08PBQmlWi0rhvp+Hjkh8JYDFOoLOThSYN2uE8lGcaLxrXdHZZ2zU/jJKBQ5
 uJSX7LVwudJJOgqLkoDxJmYkFF/hqbQVBFy3YkeySrPSOiVUmJhTnshGJZ6VtYPIXc
 xYzkxfksP/fGVljRL0gsWQ1AUNMipHBKuFBLjwhq4fxZJBMsmlAEAr8vFX5W0bWHyv
 4/cTqpn2K2FANyRimqysRJFmQTkhOm3YOmzQhy1/j5Tj+QD+o3rxpB5XE707tj5EQg
 tZb9pFKCZ7PiM6WbbIp8hWqzaORGzJl08hbJgTvCoJbf8fXuyU6eoPbv4SBy6TbQQn
 CpEyYO9ZSOOhQ==
Original-Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 4QWM8Q4YS1z6tyJ;
 Wed, 31 May 2023 09:58:30 +0200 (CEST)
In-Reply-To: <bf0942aa-fd27-bec4-13cd-ec115a622b97@vodafonemail.de>
Received-SPF: pass client-ip=185.67.36.66; envelope-from=yantar92@posteo.net;
 helo=mout02.posteo.de
X-Spam_score_int: -43
X-Spam_score: -4.4
X-Spam_bar: ----
X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:306434
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/306434>

Jens Schmidt <jschmidt4gnu@vodafonemail.de> writes:

> plstore.el stores clear-text sensitive data in a number of places in a
> running emacs without automatically expiring it as, for example,
> password-cache does.

To add on the issue, we had a somewhat similar problem related to
org-persist library that stores cached data.

https://list.orgmode.org/orgmode/CAM9ALR8fuSu0YWS1SehRw7sYxprJFX-r2juXd_DgvCYVKQc95Q@mail.gmail.com/

Within that thread, a concern have been raised about storing data
related to files from encrypted file system. Even the file names (for
example, stored by recentf) from encrypted FS may be considered
sensitive if they are stored as plain text.

I have considered two approaches there:
1. Expiry, when the data may persist within Emacs session, but is never
   written on disk.
2. Encrypting the stored data (similar to .authinfo.gpg)

> 1. As usually, fixing these decreases convenience.  Is that OK?

IMHO, at least some people are extremely sensitive about storing
sensitive data in plain text. I'd say that it is better to avoid storing
sensitive data in plain text by default. Possibly, with a toggle to
enable such risky storage for users who know what they are doing.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>