From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/72115 Path: news.gmane.org!not-for-mail From: Richard Riley Newsgroups: gmane.emacs.gnus.general Subject: Re: Password protection Date: Tue, 28 Sep 2010 16:43:38 +0200 Organization: aich tea tea pea dicky riley dot net Message-ID: <5139su53ol.fsf@news.eternal-september.org> References: NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Trace: dough.gmane.org 1285685079 18842 80.91.229.12 (28 Sep 2010 14:44:39 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 28 Sep 2010 14:44:39 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M20488@lists.math.uh.edu Tue Sep 28 16:44:37 2010 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1P0bQ4-0003rV-Nh for ding-account@gmane.org; Tue, 28 Sep 2010 16:44:37 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1P0bPw-0003Jq-5J; Tue, 28 Sep 2010 09:44:28 -0500 Original-Received: from mx2.math.uh.edu ([129.7.128.33]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1P0bPu-0003JZ-AH for ding@lists.math.uh.edu; Tue, 28 Sep 2010 09:44:26 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx2.math.uh.edu with esmtp (Exim 4.72) (envelope-from ) id 1P0bPh-0008P0-87 for ding@lists.math.uh.edu; Tue, 28 Sep 2010 09:44:26 -0500 Original-Received: from mail-fx0-f44.google.com ([209.85.161.44]) by quimby.gnus.org with esmtp (Exim 3.36 #1 (Debian)) id 1P0bPg-0007tL-00 for ; Tue, 28 Sep 2010 16:44:12 +0200 Original-Received: by fxm6 with SMTP id 6so5394335fxm.17 for ; Tue, 28 Sep 2010 07:43:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:organization :references:date:in-reply-to:message-id:user-agent:mime-version :content-type:content-transfer-encoding; bh=tLUnpjcJfPNueGjMecqOxpCeSsiOt3ThFxxnBznLLpo=; b=MsVjmj9Rp1owmv7vdhivK6oLmRRpGQxLeX63rgNF4b2d9D++d//lGHEQfHK1diNuo0 pD6cy8Qnpu7EsFVZ/RwFuF2CAn3sUSu0bGX9CVKhEm1naw8QJ9iBvjf9IlFNB8JP7lG+ 1A2j0s3GzCSWJ8m5L0CJ4msU07v5Cze91ZUlM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=from:to:subject:organization:references:date:in-reply-to:message-id :user-agent:mime-version:content-type:content-transfer-encoding; b=eRiOywXyyZIBLm911vMbmHgfE8eGpagOQRjiTMv3pgLtIwnvY/q2gAabDhYjyDGHzt 4yuvoP9gzcWdd+yxabl+18LAg+qSIZnFjnX19gzsIJaabEY4oyVhu2GP/IPZK3yXDKlb UoqgT4OVHNH9d1KTDrJd7kEXV9/xX38f9EOIQ= Original-Received: by 10.223.144.85 with SMTP id y21mr8616957fau.87.1285685021489; Tue, 28 Sep 2010 07:43:41 -0700 (PDT) Original-Received: from localhost ([85.183.18.158]) by mx.google.com with ESMTPS id u8sm3122362fah.12.2010.09.28.07.43.39 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 28 Sep 2010 07:43:40 -0700 (PDT) In-Reply-To: (Lars Magne Ingebrigtsen's message of "Tue, 28 Sep 2010 16:17:57 +0200") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux) X-Spam-Score: -2.0 (--) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:72115 Archived-At: Lars Magne Ingebrigtsen writes: > I find it sort of puzzling that we have to jump through all these hoops > to get at credentials. I mean, Firefox users don't have to set up a gpg > agent or type their passwords a gazillion times, so why should users? You need the agent as its secure and talks to the back end to use the same keys which are used for other authentications such as ssh. Firefox doesnt. > > But then I thought about it, and it is rather complicated. It's > acceptable to store the passwords in memory (that's what Firefox does), > but it's not acceptable that any Lisp phrase can say > (get-stored-password ...), and then get the password. That's too > unsafe. > > So here's my thought: If there was a C-level function that would slurp > in your ~/.authinfo.gpg data, and then let you use it, but without > actually ever letting a Lisp-level function see the passwords -- > wouldn't that be nice? > > Here's how I see it working: > > 1) Gnus calls (authinfo-store-tokens "~/.authinfo.gpg"), and the user is > (probably) prompted for a password. > > 2) The data is stored in the C layer, probably obfuscated in some way. > > 3) A new C function is added: > > (process-send-auth process "LOGIN larsi %p\n\r" > '((:hosts ("imap.gmail.com")) > (:ports ("imaps" "imap" 443)) > (:user ("larsi")))) > > This function would then work just like `process-send-string', only that > it roots out the first matching password from the auth info first, and > expand the string sent. > > That way the Lisp application layer will never actually see the > password, but it will be able to control what's otherwise being sent, > and what credentials to use in a flexible manner. > > This should be as safe as the Firefox model. That is, if you read > /proc/mem, you can get at the passwords, but it's not trivially > available from the Lisp layer. Well, unless you set up a loopback > server or a proxy or something, but the same is the case with Firefox. > > Am I missing something obvious here? --=20 =E2=98=98 http://www.shamrockirishbar.com, http://splash-of-open-sauce.blog= spot.com/ http://www.richardriley.net