From: Chong Yidong <cyd@stupidchicken.com>
Cc: satyaki@chicory.stanford.edu, rms@gnu.org, Reiner.Steib@gmx.de,
Daiki Ueno <ueno@unixuser.org>,
ding@gnus.org, emacs-devel@gnu.org, jas@extundo.com
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Thu, 07 Sep 2006 10:12:32 -0400
Message-ID: <87d5a7n4tr.fsf@furball.mit.edu>
In-Reply-To: <87ac5coiva.fsf@mid.deneb.enyo.de> (Florian Weimer's message of "Wed\, 06 Sep 2006 22\:11\:37 +0200")

Florian Weimer <fw@deneb.enyo.de> writes:
> * Richard Stallman:
>
>> It would probably be fairly simple to change the implementation to
>> unlink the temp file _before_ writing the contents and pass only the
>> still-open file-descriptor (after rewinding) to Fcall_process (or
>> rather, to some common subroutine derived from Fcall_process).
>>
>> We would have to unlink the file before writing the contents into it.
>
> This doesn't achieve much, I'm afraid. Even unnamed files can be
> written to disk by the kernel. It's not much different from
> passphrases stored in process images ending up in the swap file,
> though. I'm pretty sure I looked at the situation when I wrote gpg.el
> a couple of years ago, and decided that all things considered, it's
> not terribly important.

In any case, I've looked into changing Fcall_process_region to do the
unlink-before-write trick, and changing Fcall_process to accept a file
descriptor. It's a rather big and messy job. Since it wouldn't
completely solve the problem anyway, could we postpone this for after
the release?
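
The unlink-before-write sequence discussed in this message, as a stand-alone added example (not code from Emacs or from anyone in the thread): the temp file loses its name before any data is written, and the child gets only the rewound descriptor as stdin. The function name, the path template and the use of `grep` as a stand-in child are assumptions; as the quoted reply points out, the kernel can still write the unnamed file's blocks to disk.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: feed `data` to argv[0] on stdin through a temp file
   that has no directory entry by the time the first byte is written.
   Returns the child's exit status, or -1 on error. */
int run_with_unlinked_input(const char *data, size_t len,
                            char *const argv[], int *name_gone)
{
    char path[] = "/tmp/unlinked-demo-XXXXXX";   /* constructed template */
    struct stat st;
    int status;
    int fd = mkstemp(path);                      /* O_EXCL, mode 0600 */
    if (fd < 0) return -1;
    if (unlink(path) != 0) { close(fd); return -1; }  /* drop the name first */
    *name_gone = (stat(path, &st) != 0);         /* no path left to open */
    if (write(fd, data, len) != (ssize_t)len     /* contents go in afterwards */
        || lseek(fd, 0, SEEK_SET) != 0) {        /* rewind for the reader */
        close(fd);
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {                              /* child: descriptor becomes stdin */
        if (fd != STDIN_FILENO && dup2(fd, STDIN_FILENO) < 0) _exit(127);
        execvp(argv[0], argv);
        _exit(127);                              /* exec failed */
    }
    close(fd);           /* the inode is freed once the child closes its copy */
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char secret[] = "constructed sample passphrase\n";
    char *const argv[] = { "grep", "-q", "sample passphrase", NULL };
    int gone = 0;
    int rc = run_with_unlinked_input(secret, strlen(secret), argv, &gone);
    printf("name gone before write: %d, child exit: %d\n", gone, rc);
    return rc == 0 ? 0 : 1;
}
```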