From: Reiner Steib
Newsgroups: gmane.emacs.devel,gmane.emacs.gnus.general
Subject: Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region)
Date: Sat, 02 Sep 2006 13:16:05 +0200
To: ding@gnus.org, emacs-devel@gnu.org
Cc: Daiki Ueno, Satyaki Das, Simon Josefsson
In-Reply-To: (Reiner Steib's message of "Sat, 06 May 2006 14:37:48 +0200")

[ Adding emacs-devel; therefore not trimming quotes. See for the rest of the discussion. ]

On Sat, May 06 2006, Reiner Steib wrote:

> On Thu, Apr 27 2006, Romain Francoise wrote:
>
>> Daiki Ueno writes:
>>
>>> For example, the original PGG does not use `call-process-region' for
>>> security reason -- this function writes data to a temporary file.
>
> Did you check which versions of Emacs or XEmacs do this? (I don't
> have the C sources here ATM, so I can't check myself.)

In current Emacs CVS in fact `call-process-region' uses temp files.
Bad. I think this is a severe security problem, isn't it? I think
this should be fixed before the release.

>>> About three years ago, Gnus decided to use `call-process-region' in
>>> PGG to avoid display blinking.
>>
>> The current version of PGG in the trunk doesn't do that anymore.
>> That sounds like a good enough reason to sync that version in v5-10!
>
> Maybe we should rather revert the change introducing
> `call-process-region' [1]?

The reversed patch doesn't apply anymore. Could someone please look for a
possibility to avoid `call-process-region' in `pgg-gpg-process-region'
or suggest an alternative solution?

> Have all the problems that led us to revert pgg-gpg.el before the
> 5.10.8 release been fixed in the trunk version (or in Daiki's
> version)?
>
> Bye, Reiner.
>
> [1]
> ,----[ ChangeLog.2 ]
> | 2003-02-08 Simon Josefsson
> |
> | * gnus-sum.el (gnus-summary-select-article): Remove blink removal
> | code that only worked under Emacs.
> |
> | * pgg-gpg.el (pgg-gpg-process-region): Don't blink. From Satyaki
> | Das .
> `----
>
> --- pgg-gpg.el 2 Nov 2002 04:27:00 -0000 6.8 > +++ pgg-gpg.el 8 Feb 2003 18:58:23 -0000 6.9 
> @@ -59,27 +59,22 @@ > (errors-buffer pgg-errors-buffer) > (orig-mode (default-file-modes)) > (process-connection-type nil) > - process status exit-status) > + exit-status) > (with-current-buffer (get-buffer-create errors-buffer) > (buffer-disable-undo) > (erase-buffer)) > (unwind-protect > (progn > (set-default-file-modes 448) > - (let ((coding-system-for-write 'binary)) > - (setq process > - (apply #'start-process "*GnuPG*" errors-buffer > - program args))) > - (set-process-sentinel process #'ignore) > - (when passphrase > - (process-send-string process (concat passphrase "\n"))) > - (process-send-region process start end) > - (process-send-eof process) > - (while (eq 'run (process-status process)) > - (accept-process-output process 5)) > - (setq status (process-status process) > - exit-status (process-exit-status process)) > - (delete-process process) > + (let* ((coding-system-for-write 'binary) > + (input (buffer-substring-no-properties start end))) > + (with-temp-buffer > + (when passphrase > + (insert passphrase "\n")) > + (insert input) > + (setq exit-status > + (apply #'call-process-region (point-min) (point-max) program > + nil errors-buffer nil args)))) > (with-current-buffer (get-buffer-create output-buffer) > (buffer-disable-undo) > (erase-buffer) > @@ -87,12 +82,8 @@ > (let ((coding-system-for-read 'raw-text-dos)) > (insert-file-contents output-file-name))) > (set-buffer errors-buffer) > - (if (memq status '(stop signal)) > - (error "%s exited abnormally: '%s'" program exit-status)) > - (if (= 127 exit-status) > - (error "%s could not be found" program)))) > - (if (and process (eq 'run (process-status process))) > - (interrupt-process process)) > + (if (not (equal exit-status 0)) > + (error "%s exited abnormally: '%s'" program exit-status)))) > (if (file-exists-p output-file-name) > (delete-file output-file-name)) > (set-default-file-modes orig-mode)))) -- ,,, (o o) ---ooO-(_)-Ooo--- | PGP key available | http://rsteib.home.pages.de/
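
Review bot: In the first hunk (@@ -59,27 +59,22 @@) the passphrase and the region to process are inserted into the same temp buffer and handed to `call-process-region`, which, as stated earlier in this thread, writes its input to a temporary file, so `(insert passphrase "\n")` followed by `(insert input)` puts both the secret and the plaintext on disk, where the removed lines delivered them with `process-send-string` and `process-send-region` to a process started with `process-connection-type` bound to nil. Suggest keeping the `start-process` path for feeding the program and solving the display blinking separately. The `(set-default-file-modes 448)` in the context only narrows permissions on files that get created; it does not keep the data off the filesystem.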
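
Review bot: In the second hunk (@@ -87,12 +82,8 @@) the new `(if (not (equal exit-status 0)) (error ...))` signals on every non-zero status, while the removed code signalled only for a `stop`/`signal` process status or for exit status 127, and the separate "%s could not be found" message for 127 is dropped. If the program uses a non-zero exit to report a condition the caller is expected to read from errors-buffer, the caller now gets an error instead of the buffer contents, and a missing binary is reported as "exited abnormally". Suggest keeping the 127 case with its own message and documenting which non-zero statuses are meant to be fatal.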