From: Lars Ingebrigtsen
Newsgroups: gmane.emacs.bugs
Subject: bug#37196: 27.0.50; auth-source no longer obfuscates passwords
Date: Fri, 20 Sep 2019 22:05:34 +0200
Message-ID: <87woe27my9.fsf@gnus.org>
References: <87woey2960.fsf@gnus.org>
In-Reply-To: <87woey2960.fsf@gnus.org> (Lars Ingebrigtsen's message of "Tue, 27 Aug 2019 12:29:43 +0200")
To: 37196@debbugs.gnu.org
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security

Lars Ingebrigtsen writes:

> Emacs got a better pretty printer for compiled code sometime over the
> last few years, and that means that the obfuscator that auth-source uses
> no longer works.  (It puts the password into a closure.)
>
> With the following in ~/.authinfo
>
> machine foo.bar login zot password foobar
>
> we get
>
> (auth-source-search :max 1 :host "foo.bar")
> => ((:host "foo.bar" :user "zot" :secret #[0 "" [("foobar") (nil)] 3]))
>
> with the "foobar" clearly printed out.  This should be fixed by
> obfuscating the password in a different way.

I have now done this --

(auth-source-search :max 1 :host "foo.bar")
=> ((:host "foo.bar" :user "zot" :secret #[0 "..." [(103 112 112 99 98 115) (nil) apply string mapcar 1-] 6]))

It's not exactly super-secret, but I think that's as far as we can get
here.

I briefly considered having a per-session nonce stored in memory, and
then using an encryption primitive to obfuscate the data (that would
mean that anybody mistakenly mailing these around wouldn't be able to
root out the password without having access to the running Emacs
instance).

Hm.  Now that I typed that, it strikes me that this should be rather
trivial to do with gnutls-symmetric-encrypt on systems where that is
available.  I'll give it a go...

> Similarly, the printed representation of auth-source-netrc-cache also
> has the password in clear text now.

This was already OK.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
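
Added example, not part of the original message and not the auth-source code: a minimal Emacs Lisp sketch of the two closure forms discussed above, checking whether the sample password "foobar" shows up in each closure's printed representation and showing that the shifted list decodes with no key. All demo- names are hypothetical.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; the demo- names are hypothetical, not auth-source's own.
;; Lexical binding is required so that the lambdas below become closures.

(defun demo-plain-closure (secret)
  "Wrap SECRET in a closure that captures the string unchanged."
  (lambda () secret))

(defun demo--wrap-shifted (shifted)
  "Return a closure over SHIFTED that decodes it when called.
Kept in its own function so that the closure's environment holds only
the shifted list, even when this code is run interpreted."
  (lambda () (apply #'string (mapcar #'1- shifted))))

(defun demo-shifted-closure (secret)
  "Wrap SECRET in a closure that captures each character code plus one."
  (demo--wrap-shifted (mapcar #'1+ secret)))

(defun demo-printed-form-leaks-p (closure secret)
  "Return t if SECRET appears literally in the printed form of CLOSURE."
  (and (string-match-p (regexp-quote secret) (prin1-to-string closure)) t))

(defun demo-report ()
  "Compare both closure forms for the sample password from the report."
  (let* ((secret "foobar")              ; sample password from the report
         (plain (demo-plain-closure secret))
         (shifted (demo-shifted-closure secret)))
    (list :plain-leaks (demo-printed-form-leaks-p plain secret)
          :shifted-leaks (demo-printed-form-leaks-p shifted secret)
          ;; Calling the closure still yields the real password.
          :recovered (funcall shifted)
          ;; The list printed in the message above decodes without any
          ;; key, so the shift only guards against accidental disclosure.
          :decoded-from-print
          (apply #'string (mapcar #'1- '(103 112 112 99 98 115))))))

(demo-report)
```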