From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: NaCl support for Emacs
Date: Tue, 10 Jan 2012 07:51:08 -0500
Message-ID: <87k44zg1qb.fsf@lifelogs.com>
To: emacs-devel@gnu.org

On Tue, 10 Jan 2012 06:45:49 -0500 Ted Zlatanov wrote:

TZ> On Mon, 09 Jan 2012 19:01:48 -0800 Daniel Colascione wrote:

DC> On 1/9/12 5:43 PM, Ted Zlatanov wrote:
>>> Calling out to an external process is less secure than using built-in
>>> encryption primitives. So while in general you're right, in this case
>>> I'll respectfully disagree. It may be convenient but it's not secure.

DC> If an attacker can read the bytes sent over a pipe between your Emacs
DC> and its GPG subprocess, you've already lost. I'm not sure what
DC> reasonable definition of "secure" you meant to use here.

TZ> I'm being polite.

I sent this off too quickly accidentally. I was writing that I don't
want to say Emacs is insecure currently, only that it can be made more
so.

To answer your question, the risk of calling an external process is not
limited to just the IPC (although that can be compromised too, depending
on the platform and its security model). On Unix an attacker can
replace /usr/bin/gpg, for instance--that's much easier than compromising
the kernel. The risk is in the external dependency, not GPG in
particular.

My point is, if we can gain some security by using libnettle, which is
already part of Emacs when it's compiled with GnuTLS, then it makes
sense to do it. The cost is minimal.

Ted
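
The external-dependency risk raised above (a replaceable /usr/bin/gpg) can be checked from the defender's side. The following is an added example, not part of the original message or of Emacs: it walks every path component of a helper binary and reports the ones a non-trusted user could modify. The names `audit_helper`, `_chain` and `trusted_uids` are hypothetical, and POSIX ownership and mode semantics are assumed.

```python
import os
import stat

def _chain(path):
    """Yield path, then each parent directory up to the filesystem root."""
    path = os.path.abspath(path)
    while True:
        yield path
        parent = os.path.dirname(path)
        if parent == path:
            return
        path = parent

def audit_helper(path, trusted_uids=(0,)):
    """Return (component, reason) findings for every path component that a
    user outside trusted_uids could modify to substitute the helper binary.
    An empty list means no such component was found."""
    findings, seen = [], set()
    # Walk both the name as invoked and its symlink-resolved target.
    for start in (path, os.path.realpath(path)):
        for comp in _chain(start):
            if comp in seen:
                continue
            seen.add(comp)
            st = os.lstat(comp)
            if st.st_uid not in trusted_uids:
                findings.append((comp, "owned by uid %d" % st.st_uid))
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's mode bits carry no meaning
            loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            # In a sticky directory (e.g. /tmp) only an entry's owner, the
            # directory's owner or root may rename or delete the entry.
            sticky = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
            if loose and not sticky:
                mode = stat.S_IMODE(st.st_mode)
                findings.append((comp, "group/other writable, mode %o" % mode))
    return findings

if __name__ == "__main__":
    import shutil
    gpg = shutil.which("gpg") or "/usr/bin/gpg"  # path named in the message
    if os.path.exists(gpg):
        for comp, reason in audit_helper(gpg):
            print("%s: %s" % (comp, reason))
```

An empty result only says the filesystem permissions do not allow substitution by other users; it says nothing about whether the binary itself is the expected one.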