From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/72114 Path: news.gmane.org!not-for-mail From: Lars Magne Ingebrigtsen Newsgroups: gmane.emacs.gnus.general Subject: Password protection Date: Tue, 28 Sep 2010 16:17:57 +0200 Organization: Programmerer Ingebrigtsen Message-ID: NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1285683504 10715 80.91.229.12 (28 Sep 2010 14:18:24 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 28 Sep 2010 14:18:24 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M20487@lists.math.uh.edu Tue Sep 28 16:18:23 2010 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1P0b0e-00025d-Hm for ding-account@gmane.org; Tue, 28 Sep 2010 16:18:20 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1P0b0X-0003BO-1a; Tue, 28 Sep 2010 09:18:13 -0500 Original-Received: from mx2.math.uh.edu ([129.7.128.33]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1P0b0V-0003B4-3W for ding@lists.math.uh.edu; Tue, 28 Sep 2010 09:18:11 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx2.math.uh.edu with esmtp (Exim 4.72) (envelope-from ) id 1P0b0Q-0008HY-QB for ding@lists.math.uh.edu; Tue, 28 Sep 2010 09:18:10 -0500 Original-Received: from lo.gmane.org ([80.91.229.12]) by quimby.gnus.org with esmtp (Exim 3.36 #1 (Debian)) id 1P0b0Q-0007Xk-00 for ; Tue, 28 Sep 2010 16:18:06 +0200 Original-Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1P0b0P-000201-Vr for ding@gnus.org; Tue, 28 Sep 2010 16:18:05 +0200 Original-Received: from 84.215.34.171 ([84.215.34.171]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 28 Sep 2010 16:18:05 +0200 Original-Received: from larsi by 84.215.34.171 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 28 Sep 2010 16:18:05 +0200 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: ding@gnus.org Original-Lines: 47 Original-X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: 84.215.34.171 Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEXf4OTs7OwdHR2np6vd 3uP4+Pbi4+fg4eXa2+ADAgPZKEQ8AAACY0lEQVQ4jVWTMY+jMBCFp7BwWgryA0i17dJQurAOWgp6 kDaeLb0S8lwZCQrX6fJv79mQZM9FEubjvTczBJpLnO+mqXHauOXLshxKSh/nNdUf9yZu3TzmM1A5 jMN384n643FpoynKDLIiCx7pXKJVoXoqcsJHBillNwMoz/FZTykxZrNkNa3NUc8p0cxVVpyX+AZ1 024UDqB+gXvTRioggdVXj4wXuLSb0iEN6Gx8h2dANmB2mjbbr5/1L2CTV0mn2Mf1JanRryWChHoo 4vr5Bu1NZxC3Pm7rMz4pNk9/EogWmsPrDmA3LTInhbXmGV9fmtiTkpCBUV7tHX8kACd3ACIFr/rj XtfYFXnvnNutNPX50SawdYXjIoPOGD41TXqK2OFNJEhwuSurJAGIGkQQidBuRUarNUmaBKwRIyGB mzIGITgtnGgh0TopbiTKEtayNunxiXg5ujJCC/a1n06HiSSDmOYw5oTqjZQnP4kv9q468mJOt8UK fAgXwnly6rQWrwQGITiF+rFEZdDFNCExYGQOWG74yZNrDIT7fUBDBS8FMnaFZo9S8CSdY/bM4q4D nfoOkV40M/YKowlOoRroa9NcBE6bs3CHD4DDP5F7DSlrmZg0SeFJSzEDuL8Gt3PBOm1JNCiFK8DM SlhSuvL4Dp02Sqr8fgiGnVyAwHj2flnUD14QADTLThwJ6eCQQFTtoETjGMx4oeDQESdBBhgbMT05 DSU7dz3AeGZcifUOX24J+5tOeBOHMwpozqXDrnqBnUw7OOo7GIfSZZ93faTjR3n+v34osqgs5+fF 0dWhqX6Vx/EffAJuGPlqH/kAAAAASUVORK5CYII= Mail-Copies-To: never X-Now-Playing: His Name Is Alive's _The Eclipse_: "Dream Rememberer" User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux) Cancel-Lock: sha1:fs87tR/PWTp/NKiCfwdKznE/XXA= X-Spam-Score: -0.7 (/) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:72114 Archived-At: I find it sort of puzzling that we have to jump through all these hoops to get at credentials. I mean, Firefox users don't have to set up a gpg agent or type their passwords a gazillion times, so why should users? But then I thought about it, and it is rather complicated. It's acceptable to store the passwords in memory (that's what Firefox does), but it's not acceptable that any Lisp phrase can say (get-stored-password ...), and then get the password. That's too unsafe. So here's my thought: If there was a C-level function that would slurp in your ~/.authinfo.gpg data, and then let you use it, but without actually ever letting a Lisp-level function see the passwords -- wouldn't that be nice? Here's how I see it working: 1) Gnus calls (authinfo-store-tokens "~/.authinfo.gpg"), and the user is (probably) prompted for a password. 2) The data is stored in the C layer, probably obfuscated in some way. 3) A new C function is added: (process-send-auth process "LOGIN larsi %p\n\r" '((:hosts ("imap.gmail.com")) (:ports ("imaps" "imap" 443)) (:user ("larsi")))) This function would then work just like `process-send-string', only that it roots out the first matching password from the auth info first, and expand the string sent. That way the Lisp application layer will never actually see the password, but it will be able to control what's otherwise being sent, and what credentials to use in a flexible manner. This should be as safe as the Firefox model. That is, if you read /proc/mem, you can get at the passwords, but it's not trivially available from the Lisp layer. Well, unless you set up a loopback server or a proxy or something, but the same is the case with Firefox. Am I missing something obvious here? -- (domestic pets only, the antidote for overdose, milk.) larsi@gnus.org * Lars Magne Ingebrigtsen