From: Chong Yidong
Newsgroups: gmane.emacs.devel,gmane.emacs.gnus.general
Subject: Re: auth-source patch for secure logging
Date: Thu, 16 Jul 2009 11:32:48 -0400
Message-ID: <87zlb4iqxr.fsf@stupidchicken.com>
References: <87vdlsr9jy.fsf@lifelogs.com>
To: Ted Zlatanov
Cc: ding@gnus.org, emacs-devel@gnu.org
In-Reply-To: <87vdlsr9jy.fsf@lifelogs.com> (Ted Zlatanov's message of "Thu, 16 Jul 2009 09:23:29 -0500")

Ted Zlatanov writes:

> Attached is a patch to auth-source.el that:
>
> - introduces auth-source-debug
> - sets it to nil by default, so no logging is done (this changes the
>   previous behavior where we always log to *Messages*)
> - allows t (relay to 'message) and any function as options for that
>   variable
>
> It's against the Gnus CVS, but Emacs CVS has the same contents.
>
> If it's possible to include this in the upcoming release, I think it
> would improve security for Emacs users. It's not a critical fix,
> however, so I will defer to the maintainers to decide.
>
> If it's accepted, please commit it to the Emacs CVS and then Miles can
> sync it back to the Gnus CVS.

Let's not check this into the branch. These messages are not logged by
default anyway, since gnus-verbose defaults to 7.
It may be checked into the trunk, with the following caveats:

> (defcustom auth-source-debug nil
>   "Whether auth-source should log debug messages.
> Also see `auth-source-hide-passwords'.
>
> Can be t, which means to use `message'. Be careful, your
> authentication data will be in the clear (except for passwords,
> which are always cleared)..
>
> Can also be a function, in which case the function should take
> the same parameters as `message'."

This docstring could be improved. I suggest:

  "Whether auth-source should log debug messages.
Also see `auth-source-hide-passwords'.

If the value is nil, debug messages are not logged.
If the value is t, debug messages are logged with `message'.
In that case, your authentication data will be in the clear
(except for passwords, which are always stripped out).
If the value is a function, debug messages are logged by calling
that function using the same arguments as `message'."

The docstring of auth-source-hide-passwords should also mention that
it's only relevant if auth-source-debug is non-nil.

> (defun auth-source-do-debug (&rest msg)
>   ;; set logger to either the function in auth-source-debug or 'message
>   ;; note that it will be 'message if auth-source-debug is nil, so
>   ;; we also check the value
>   (let ((logger (if (functionp auth-source-debug)
>                     auth-source-debug
>                   'message)))
>     (when auth-source-debug
>       (apply logger msg))))

You should put the `when' check on the outside.
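
Review bot: in the quoted `auth-source-debug` docstring, the "Be careful, your authentication data will be in the clear" warning is attached only to the t case, but a function value is handed the same arguments, so the warning should cover every non-nil setting. The parenthetical "passwords, which are always cleared" also sits next to "Also see `auth-source-hide-passwords'"; if that option can turn hiding off, "always" should be replaced by wording that depends on it.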
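
Review bot: in the quoted `auth-source-do-debug`, the `(if (functionp auth-source-debug) auth-source-debug 'message)` fallback sends every non-nil value that is not a function to `message`, so a misspelled or not-yet-defined logger symbol silently puts authentication data in *Messages* instead of failing. Select `message` only when the value is exactly t, for example with `(eq auth-source-debug t)`, and log nothing or signal an error for any other non-function value. The function also has no docstring; it should say that MSG is a format string followed by its arguments, as for `message`, so that callers never pass credential fields as the first argument.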