From: gdt@work.lexort.com
Cc: Daiki Ueno <ueno@unixuser.org>,
fw@deneb.enyo.de, jas@extundo.com,
satyaki@chicory.stanford.edu, ding@gnus.org,
Reiner.Steib@gmx.de, emacs-devel@gnu.org
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Wed, 06 Sep 2006 15:33:46 -0400 [thread overview]
Message-ID: <smubqpshjs5.fsf@linuxpal.mit.edu> (raw)
In-Reply-To: <E1GL2iA-0000uI-22@fencepost.gnu.org> (Richard Stallman's message of "Wed, 06 Sep 2006 15:05:22 -0400")
[-- Attachment #1: Type: text/plain, Size: 858 bytes --]
I think there's a higher-level point that hasn't been made explicit,
although I'm sure it's what Daiki is thinking: Anything that can cause
the passphrase to be written to the filesystem is horribly broken; the
whole point of the passphrase is that while the secret key (encrypted
in the passphrase) is on disk, without the passphrase one can't get
the key even if one has the disk. As soon as the passphrase ends up
on disk, through a temp file, core file, swap space, the plan is
compromised. Programs like gnupg take care to mlock(2) or similar to
keep key data from being paged out. (One also needs to disable kernel
crash dumps.)
The right solution might instead be to push for gpg-agent to be
production ready, so that entire notion of emacs dealing with
passphrases can be deprecated.
--
Greg Troxel <gdt@work.lexort.com>
[-- Attachment #2: Type: application/pgp-signature, Size: 185 bytes --]
next prev parent reply other threads:[~2006-09-06 19:33 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-26 12:41 pgg-output-buffer gets created as a unibyte buffer Katsumi Yamaoka
2006-04-26 13:22 ` Daiki Ueno
2006-04-26 22:27 ` Katsumi Yamaoka
2006-04-27 7:01 ` Katsumi Yamaoka
2006-04-27 9:36 ` Daiki Ueno
2006-04-27 10:19 ` Katsumi Yamaoka
2006-04-27 10:48 ` Katsumi Yamaoka
2006-04-27 14:45 ` Daiki Ueno
2006-04-27 15:23 ` Romain Francoise
2006-05-06 12:37 ` pgg-gpg-process-region (was: pgg-output-buffer gets created as a unibyte buffer) Reiner Steib
2006-09-02 11:16 ` Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region) Reiner Steib
2006-09-02 13:16 ` Security flaw in pgg-gpg-process-region? Daiki Ueno
2006-09-02 13:49 ` Daiki Ueno
2006-09-03 15:16 ` Richard Stallman
2006-09-04 1:36 ` Daiki Ueno
2006-09-04 17:18 ` Richard Stallman
2006-09-04 17:45 ` Daiki Ueno
2006-09-04 17:48 ` David Kastrup
2006-09-05 5:06 ` Daiki Ueno
2006-09-05 15:10 ` Chong Yidong
2006-09-06 8:49 ` Richard Stallman
2006-09-06 9:25 ` Daiki Ueno
2006-09-07 6:54 ` Richard Stallman
2006-09-06 8:49 ` Richard Stallman
2006-09-03 15:16 ` Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region) Richard Stallman
2006-09-03 16:28 ` Security flaw in pgg-gpg-process-region? Florian Weimer
2006-09-04 2:04 ` Daiki Ueno
2006-09-04 2:25 ` Miles Bader
2006-09-05 9:43 ` Richard Stallman
2006-09-05 11:57 ` Daiki Ueno
2006-09-06 19:05 ` Richard Stallman
2006-09-06 19:33 ` gdt [this message]
2006-09-06 21:33 ` Miles Bader
2006-09-07 21:13 ` Richard Stallman
2006-09-19 10:02 ` Sascha Wilde
2006-09-19 22:56 ` Richard Stallman
2006-11-11 22:00 ` Sascha Wilde
2006-11-12 21:12 ` Richard Stallman
2006-11-12 21:38 ` Sascha Wilde
2006-11-13 20:15 ` Richard Stallman
2006-11-14 11:11 ` Sascha Wilde
2006-09-06 22:44 ` Daiki Ueno
2006-09-07 21:14 ` Richard Stallman
2006-09-06 20:11 ` Florian Weimer
2006-09-07 14:12 ` Chong Yidong
2006-09-07 21:13 ` Richard Stallman
2006-04-27 16:08 ` pgg-output-buffer gets created as a unibyte buffer Katsumi Yamaoka
2006-04-28 5:18 ` Katsumi Yamaoka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=smubqpshjs5.fsf@linuxpal.mit.edu \
--to=gdt@work.lexort.com \
--cc=Reiner.Steib@gmx.de \
--cc=ding@gnus.org \
--cc=emacs-devel@gnu.org \
--cc=fw@deneb.enyo.de \
--cc=jas@extundo.com \
--cc=satyaki@chicory.stanford.edu \
--cc=ueno@unixuser.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).