From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/63654 Path: news.gmane.org!not-for-mail From: Daiki Ueno Newsgroups: gmane.emacs.devel,gmane.emacs.gnus.general Subject: Re: Security flaw in pgg-gpg-process-region? Date: Tue, 05 Sep 2006 02:45:53 +0900 Message-ID: <2234179d-6686-49f4-b38b-b06788041225@well-done.deisui.org> References: <9c79059a-61a9-4fa4-8376-638753320a14@well-done.deisui.org> <4aaf7080-0e3d-4a75-aff5-f9d5bcd0437f@well-done.deisui.org> <87fyjz2gaj.fsf@pacem.orebokech.com> <8980fd83-08b6-4aef-97f2-a659cd2eadb2@well-done.deisui.org> <180dcf90-af71-4f6d-b0d0-57d364218c73@broken.deisui.org> <6d43cc51-e472-405c-b372-dba7ef5a914d@broken.deisui.org> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Trace: sea.gmane.org 1157392019 13423 80.91.229.2 (4 Sep 2006 17:46:59 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Mon, 4 Sep 2006 17:46:59 +0000 (UTC) Cc: ding@gnus.org, Reiner.Steib@gmx.de, emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Sep 04 19:46:57 2006 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1GKIWe-00070b-B8 for ged-emacs-devel@m.gmane.org; Mon, 04 Sep 2006 19:46:26 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1GKIWd-0006Nc-VB for ged-emacs-devel@m.gmane.org; Mon, 04 Sep 2006 13:46:23 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1GKIWU-0006NN-Ao for emacs-devel@gnu.org; Mon, 04 Sep 2006 13:46:14 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1GKIWS-0006Ml-Mv for emacs-devel@gnu.org; Mon, 04 Sep 2006 13:46:14 -0400 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1GKIWS-0006Mg-JS for emacs-devel@gnu.org; Mon, 04 Sep 2006 13:46:12 -0400 Original-Received: from [221.255.76.220] (helo=localhost) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1GKIgz-0003yR-8L; Mon, 04 Sep 2006 13:57:05 -0400 Original-Received: from localhost ([127.0.0.1] helo=well-done.deisui.org ident=ueno) by localhost with esmtp (Exim 4.63) (envelope-from ) id 1GKIW9-0001PF-V3; Tue, 05 Sep 2006 02:45:54 +0900 Original-To: rms@gnu.org X-Attribution: DU In-Reply-To: (Richard Stallman's message of "Mon, 04 Sep 2006 13:18:03 -0400") User-Agent: T-gnus/6.17.4 (based on No Gnus v0.4) EMIKO/1.14.1 (Choanoflagellata) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6 XEmacs/21.4.16 (i686-pc-linux) MULE X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:59329 gmane.emacs.gnus.general:63654 Archived-At: >>>>> In >>>>> Richard Stallman wrote: > Yes it does. To solve them we should revert a couple of changes from > Satyaki Das > http://article.gmane.org/gmane.emacs.gnus.general/49947 (1) > http://article.gmane.org/gmane.emacs.gnus.general/50457 (2) > I'm sure your right that these changes caused a problem. > I am sure there was also a motive for the changes. > Do you know what it was? There are appearantly two motives as he mentioned in the above article. First, in (1) he didn't like the "display blinking" behavior since PGG had been used asynchronous process instead of synchronous process. As he said, this was not a real problem. Second, (1) causes a problem which forbids using ISO-8859-1 characters in passphrases. So he proposed (2), but it was not a correct fix (passphrases should be encoded in locale-coding-system rather than just making them unibyte) and it was not working before the reversion. I think this is not so important problem, since it can be avoided by using ASCII only passphrases in practice. > If the changes solved some problems, > does reverting the changes bring those problems back? If you think "display blinking" is really a problem, it can be resolved by simply binding (inhibit-redisplay t) in pgg-gpg-*-region. The latter problem is bit difficulut to solve in the right way. Regards, -- Daiki Ueno