From: Chong Yidong
Newsgroups: gmane.emacs.devel
Subject: Re: Fix needed for communication with gpg-agent
Date: Thu, 22 Feb 2007 17:47:24 -0500
Message-ID: <87k5y9olmr.fsf@stupidchicken.com>
To: Sascha Wilde
Cc: Werner Koch, Daiki Ueno, emacs-devel@gnu.org, rms@gnu.org, Miles Bader

Sascha Wilde writes:

> I think this suggestion is based on a misunderstanding -- the security
> problems in the current implementation (when not using gpg-agent) have
> nothing to do with caching, they come from the fact that emacs writes
> the passphrase to a temporary file (which is then fed to gpg).

Maybe I'm confused, but I think this is not the problem.

From what I recall, the issue was that an older version of pgg used the function call-process-region. This was a genuine security hole, since call-process-region uses a tempfile to communicate with the process.

The current version of pgg in Emacs CVS uses start-process to create an asynchronous gpg process, and communicates with it using process-send-string. On systems that support ptys, Emacs communicates with asynchronous processes through ptys (see create_process in process.c:1815), not tempfiles. Unless there is some security risk in the way we use ptys that I'm not aware of, I don't think there is a problem in the way we communicate with gpg.
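
Added example, not part of the original message and not pgg's code: a sketch of the start-process / process-send-string pattern described above, which also reports whether Emacs actually obtained a pty for the child. The function name `demo-send-secret`, the buffer name, and the child program are hypothetical; the child is assumed to read the secret as one line on stdin.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration; `demo-send-secret' is a hypothetical name.

(defun demo-send-secret (program args secret)
  "Run PROGRAM with ARGS asynchronously and write SECRET to its stdin.
Return a plist (:tty NAME-OR-NIL :output STRING).  :tty is nil when
Emacs fell back to a pipe.  SECRET is overwritten before returning,
so the caller's copy is destroyed too."
  (let* ((buf (generate-new-buffer " *demo-secret*"))
         ;; t asks for a pty where the platform supports one.
         (process-connection-type t)
         (proc (apply #'start-process "demo-secret" buf program args)))
    (unwind-protect
        (progn
          ;; The default sentinel would insert a status line into BUF.
          (set-process-sentinel proc #'ignore)
          (set-process-query-on-exit-flag proc nil)
          ;; Send the secret and the newline separately so that no
          ;; concatenated copy of the secret is left uncleared.
          (process-send-string proc secret)
          (process-send-string proc "\n")
          (process-send-eof proc)
          (let ((tty (process-tty-name proc)))
            (while (process-live-p proc)
              (accept-process-output proc 0.1))
            ;; Drain anything that arrived with the exit.
            (while (accept-process-output proc 0.05))
            (list :tty tty
                  :output (with-current-buffer buf (buffer-string)))))
      (when (process-live-p proc)
        (delete-process proc))
      (clear-string secret)
      (kill-buffer buf))))

;; Constructed usage, with sha256sum standing in for the real consumer:
;;   (demo-send-secret "sha256sum" nil (copy-sequence "constructed secret"))
;; A non-nil :tty in the result means the secret went through a pty,
;; not through a file on disk.
```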