emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security flaw in pgg-gpg-process-region?

From: Daiki Ueno
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Tue, 05 Sep 2006 02:45:53 +0900
User-agent: T-gnus/6.17.4 (based on No Gnus v0.4) EMIKO/1.14.1 (Choanoflagellata) FLIM/1.14.8 (Shijō) APEL/10.6 XEmacs/21.4.16 (i686-pc-linux) MULE 
>>>>> In <address@hidden> 
>>>>>   Richard Stallman <address@hidden> wrote:
>     Yes it does.  To solve them we should revert a couple of changes from
>     Satyaki Das

>     http://article.gmane.org/gmane.emacs.gnus.general/49947 (1)
>     http://article.gmane.org/gmane.emacs.gnus.general/50457 (2)

> I'm sure your right that these changes caused a problem.
> I am sure there was also a motive for the changes.
> Do you know what it was?

There are appearantly two motives as he mentioned in the above article.

First, in (1) he didn't like the "display blinking" behavior since PGG
had been used asynchronous process instead of synchronous process.
As he said, this was not a real problem.

Second, (1) causes a problem which forbids using ISO-8859-1 characters
in passphrases.  So he proposed (2), but it was not a correct fix
(passphrases should be encoded in locale-coding-system rather than just
making them unibyte) and it was not working before the reversion.  I
think this is not so important problem, since it can be avoided by using
ASCII only passphrases in practice.

> If the changes solved some problems,
> does reverting the changes bring those problems back?

If you think "display blinking" is really a problem, it can be resolved
by simply binding (inhibit-redisplay t) in pgg-gpg-*-region.

The latter problem is bit difficulut to solve in the right way.

Regards,
-- 
Daiki Ueno
reply via email to
[Prev in Thread] Current Thread [Next in Thread]