emacs-devel

Re: Fix needed for communication with gpg-agent


From: Chong Yidong
Subject: Re: Fix needed for communication with gpg-agent
Date: Thu, 22 Feb 2007 17:47:24 -0500
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.93 (gnu/linux)

Sascha Wilde <address@hidden> writes:

> I think this suggestion is based on a misunderstanding -- the security
> problems in the current implementation (when not using gpg-agent) have
> nothing to do with caching, it comes from the fact that emacs writes
> the passphrase to a temporary file (which is then fed to gpg).

Maybe I'm confused, but I think this is not the problem.

From what I recall, the issue was that an older version of pgg used
the function call-process-region.  This was a genuine security hole,
since call-process-region uses a tempfile to communicate with the
process.

The current version of pgg in Emacs CVS uses start-process to create
an asynchronous gpg process, and communicates with it using
process-send-string.  On systems that support ptys, Emacs communicates
with asynchronous processes through ptys (see create_process in
process.c:1815), not tempfiles.

Unless there is some security risk in the way we use ptys that I'm not
aware of, I don't think there is a problem in the way we communicate
with gpg.
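
The two patterns contrasted in the message above, side by side, as an added example that is not part of the original message and is not pgg's code. The function names are hypothetical, `cat` stands in for gpg, and the passphrase is a constructed sample value.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; `cat' stands in for gpg, and the secret is constructed.

(defun demo-secret-via-tempfile (program secret)
  "Old pattern: feed SECRET to PROGRAM with `call-process-region'.
Emacs copies the region to a temporary file and gives that file to
PROGRAM as standard input, so SECRET touches the filesystem."
  (with-temp-buffer
    (insert secret)
    ;; DELETE = t and BUFFER = t: replace the region with PROGRAM's output.
    (call-process-region (point-min) (point-max) program t t nil)
    (buffer-string)))

(defun demo-secret-via-process (program secret)
  "Current pattern: `start-process' plus `process-send-string'.
SECRET is written to the pipe or pty connected to PROGRAM's stdin."
  (let* ((buf (generate-new-buffer " *demo-secret*"))
         ;; nil selects a pipe; the default t selects a pty where supported.
         ;; A pipe keeps terminal echo out of the stand-in's output.
         (process-connection-type nil)
         (proc (start-process "demo-secret" buf program)))
    (unwind-protect
        (progn
          (set-process-sentinel proc #'ignore) ; no status text in BUF
          (set-process-query-on-exit-flag proc nil)
          (process-send-string proc secret)
          (process-send-eof proc)
          (while (process-live-p proc)
            (accept-process-output proc 0.1))
          (while (accept-process-output proc 0)) ; drain remaining output
          (with-current-buffer buf (buffer-string)))
      (when (process-live-p proc) (delete-process proc))
      (kill-buffer buf))))

(let ((secret "constructed-sample-passphrase\n"))
  (message "tempfile path: %S" (demo-secret-via-tempfile "cat" secret))
  (message "process path:  %S" (demo-secret-via-process "cat" secret)))
```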
