From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/63654
Path: news.gmane.org!not-for-mail
From: Daiki Ueno <ueno@unixuser.org>
Newsgroups: gmane.emacs.devel,gmane.emacs.gnus.general
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Tue, 05 Sep 2006 02:45:53 +0900
Message-ID: <2234179d-6686-49f4-b38b-b06788041225@well-done.deisui.org>
References: <b4maca88q6i.fsf@jpl.org>
	<def1aabc-69b9-4b1d-bb84-e65c63540eac@well-done.deisui.org>
	<b4mmze82cse.fsf@jpl.org> <b4mwtdbfqob.fsf@jpl.org>
	<9c79059a-61a9-4fa4-8376-638753320a14@well-done.deisui.org>
	<b4mpsj3gw1s.fsf@jpl.org> <b4my7xrfg5o.fsf@jpl.org>
	<4aaf7080-0e3d-4a75-aff5-f9d5bcd0437f@well-done.deisui.org>
	<87fyjz2gaj.fsf@pacem.orebokech.com>
	<v9iroj49cz.fsf@marauder.physik.uni-ulm.de>
	<v9mz9itt6y.fsf_-_@marauder.physik.uni-ulm.de>
	<8980fd83-08b6-4aef-97f2-a659cd2eadb2@well-done.deisui.org>
	<180dcf90-af71-4f6d-b0d0-57d364218c73@broken.deisui.org>
	<E1GJti6-0003U0-No@fencepost.gnu.org>
	<6d43cc51-e472-405c-b372-dba7ef5a914d@broken.deisui.org>
	<E1GKI5D-00005c-8Y@fencepost.gnu.org>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Trace: sea.gmane.org 1157392019 13423 80.91.229.2 (4 Sep 2006 17:46:59 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Mon, 4 Sep 2006 17:46:59 +0000 (UTC)
Cc: ding@gnus.org, Reiner.Steib@gmx.de, emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Sep 04 19:46:57 2006
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by ciao.gmane.org with esmtp (Exim 4.43)
	id 1GKIWe-00070b-B8
	for ged-emacs-devel@m.gmane.org; Mon, 04 Sep 2006 19:46:26 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1GKIWd-0006Nc-VB
	for ged-emacs-devel@m.gmane.org; Mon, 04 Sep 2006 13:46:23 -0400
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1GKIWU-0006NN-Ao
	for emacs-devel@gnu.org; Mon, 04 Sep 2006 13:46:14 -0400
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1GKIWS-0006Ml-Mv
	for emacs-devel@gnu.org; Mon, 04 Sep 2006 13:46:14 -0400
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1GKIWS-0006Mg-JS
	for emacs-devel@gnu.org; Mon, 04 Sep 2006 13:46:12 -0400
Original-Received: from [221.255.76.220] (helo=localhost)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.52) id 1GKIgz-0003yR-8L; Mon, 04 Sep 2006 13:57:05 -0400
Original-Received: from localhost ([127.0.0.1] helo=well-done.deisui.org ident=ueno)
	by localhost with esmtp (Exim 4.63)
	(envelope-from <ueno@unixuser.org>)
	id 1GKIW9-0001PF-V3; Tue, 05 Sep 2006 02:45:54 +0900
Original-To: rms@gnu.org
X-Attribution: DU
In-Reply-To: <E1GKI5D-00005c-8Y@fencepost.gnu.org> (Richard Stallman's message
	of "Mon, 04 Sep 2006 13:18:03 -0400")
User-Agent: T-gnus/6.17.4 (based on No Gnus v0.4) EMIKO/1.14.1
	(Choanoflagellata) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6
	XEmacs/21.4.16 (i686-pc-linux) MULE
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:59329 gmane.emacs.gnus.general:63654
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/63654>

>>>>> In <E1GKI5D-00005c-8Y@fencepost.gnu.org> 
>>>>>	Richard Stallman <rms@gnu.org> wrote:
>     Yes it does.  To solve them we should revert a couple of changes from
>     Satyaki Das

>     http://article.gmane.org/gmane.emacs.gnus.general/49947 (1)
>     http://article.gmane.org/gmane.emacs.gnus.general/50457 (2)

> I'm sure your right that these changes caused a problem.
> I am sure there was also a motive for the changes.
> Do you know what it was?

There are appearantly two motives as he mentioned in the above article.

First, in (1) he didn't like the "display blinking" behavior since PGG
had been used asynchronous process instead of synchronous process.
As he said, this was not a real problem.

Second, (1) causes a problem which forbids using ISO-8859-1 characters
in passphrases.  So he proposed (2), but it was not a correct fix
(passphrases should be encoded in locale-coding-system rather than just
making them unibyte) and it was not working before the reversion.  I
think this is not so important problem, since it can be avoided by using
ASCII only passphrases in practice.

> If the changes solved some problems,
> does reverting the changes bring those problems back?

If you think "display blinking" is really a problem, it can be resolved
by simply binding (inhibit-redisplay t) in pgg-gpg-*-region.

The latter problem is bit difficulut to solve in the right way.

Regards,
-- 
Daiki Ueno