Gnus development mailing list
 help / color / mirror / Atom feed
From: Richard Stallman <rms@gnu.org>
Cc: satyaki@chicory.stanford.edu, Reiner.Steib@gmx.de, ding@gnus.org,
	emacs-devel@gnu.org, Werner Koch <wk@gnupg.org>,
	fw@deneb.enyo.de, jas@extundo.com
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Thu, 07 Sep 2006 17:14:11 -0400	[thread overview]
Message-ID: <E1GLRCN-0000cQ-0V@fencepost.gnu.org> (raw)
In-Reply-To: <8fa58311-3574-41c5-a0ad-f40089ba8c40@well-done.deisui.org> (message from Daiki Ueno on Thu, 07 Sep 2006 07:44:16 +0900)

    ^C in the terminal where the user launched Emacs (without -nw.)  In this
    case Emacs can't be said to be "killed" but it is enough to leave the
    tempfile on the filesystem after the Emacs process terminated.

Do you actually find that users do this while running mailcrypt?
It seems like a strange thing to do; wouldn't they try C-g first,
most of the time?

By unlinking the temp file before writing it, we could avoid the
problem that the file might remain in /tmp.  As others have pointed
out, this won't avoid the problem that the passphrase could have been
written to some disk block while it was in the unlinked file, and it
could remain there, readable by reading the raw disk.  It could also
be saved on disk due swapping of Emacs.

So the real question is, how far should we go?  To what level of
smallness do we need to reduce this problem?  And how far do we need
to go now, before the Emacs 22 release?

I have cc'd Werner Koch, in the hope that he can give us some advice.

  reply	other threads:[~2006-09-07 21:14 UTC|newest]

Thread overview: 48+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-04-26 12:41 pgg-output-buffer gets created as a unibyte buffer Katsumi Yamaoka
2006-04-26 13:22 ` Daiki Ueno
2006-04-26 22:27   ` Katsumi Yamaoka
2006-04-27  7:01     ` Katsumi Yamaoka
2006-04-27  9:36       ` Daiki Ueno
2006-04-27 10:19         ` Katsumi Yamaoka
2006-04-27 10:48           ` Katsumi Yamaoka
2006-04-27 14:45             ` Daiki Ueno
2006-04-27 15:23               ` Romain Francoise
2006-05-06 12:37                 ` pgg-gpg-process-region (was: pgg-output-buffer gets created as a unibyte buffer) Reiner Steib
2006-09-02 11:16                   ` Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region) Reiner Steib
2006-09-02 13:16                     ` Security flaw in pgg-gpg-process-region? Daiki Ueno
2006-09-02 13:49                       ` Daiki Ueno
2006-09-03 15:16                         ` Richard Stallman
2006-09-04  1:36                           ` Daiki Ueno
2006-09-04 17:18                             ` Richard Stallman
2006-09-04 17:45                               ` Daiki Ueno
2006-09-04 17:48                                 ` David Kastrup
2006-09-05  5:06                                   ` Daiki Ueno
2006-09-05 15:10                                     ` Chong Yidong
2006-09-06  8:49                                     ` Richard Stallman
2006-09-06  9:25                                       ` Daiki Ueno
2006-09-07  6:54                                         ` Richard Stallman
2006-09-06  8:49                                 ` Richard Stallman
2006-09-03 15:16                     ` Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region) Richard Stallman
2006-09-03 16:28                     ` Security flaw in pgg-gpg-process-region? Florian Weimer
2006-09-04  2:04                       ` Daiki Ueno
2006-09-04  2:25                         ` Miles Bader
2006-09-05  9:43                         ` Richard Stallman
2006-09-05 11:57                           ` Daiki Ueno
2006-09-06 19:05                             ` Richard Stallman
2006-09-06 19:33                               ` gdt
2006-09-06 21:33                                 ` Miles Bader
2006-09-07 21:13                                 ` Richard Stallman
2006-09-19 10:02                                   ` Sascha Wilde
2006-09-19 22:56                                     ` Richard Stallman
2006-11-11 22:00                                       ` Sascha Wilde
2006-11-12 21:12                                         ` Richard Stallman
2006-11-12 21:38                                           ` Sascha Wilde
2006-11-13 20:15                                             ` Richard Stallman
2006-11-14 11:11                                             ` Sascha Wilde
2006-09-06 22:44                               ` Daiki Ueno
2006-09-07 21:14                                 ` Richard Stallman [this message]
2006-09-06 20:11                           ` Florian Weimer
2006-09-07 14:12                             ` Chong Yidong
2006-09-07 21:13                             ` Richard Stallman
2006-04-27 16:08               ` pgg-output-buffer gets created as a unibyte buffer Katsumi Yamaoka
2006-04-28  5:18                 ` Katsumi Yamaoka

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=E1GLRCN-0000cQ-0V@fencepost.gnu.org \
    --to=rms@gnu.org \
    --cc=Reiner.Steib@gmx.de \
    --cc=ding@gnus.org \
    --cc=emacs-devel@gnu.org \
    --cc=fw@deneb.enyo.de \
    --cc=jas@extundo.com \
    --cc=satyaki@chicory.stanford.edu \
    --cc=wk@gnupg.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).