emacs-devel

Re: Fix needed for communication with gpg-agent


From: Sascha Wilde
Subject: Re: Fix needed for communication with gpg-agent
Date: Sat, 24 Feb 2007 00:41:34 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.93 (gnu/linux)

Richard Stallman <address@hidden> wrote:

>     I think this suggestion is based on a misunderstanding -- the security
>     problems in the current implementation (when not using gpg-agent) have
>     nothing to do with caching, it comes from the fact that emacs writes
>     the passphrase to a temporary file (which is then fed to gpg).
[...]
> If all we have to do is avoid passing it thru a temporary file,
> there must be lots of other ways to avoid that.  Could it be passed
> through a pipe or a socket?
>
> Someone says it already is:
[...]
> Does this mean the problem is already fixed?

Yes.  This problem was already solved (as said in another mail, I
forgot it was).

But there are still some more subtle security problems left, which
IIRC were discussed in the original thread, too:  If emacs caches the
passphrase there is no way to protect the passphrase from being
written to swap, when the system decides to swap out parts of emacs.

gpg-agent and pinentry on the other hand are trying hard to prevent
the passphrase from getting swapped out or written to hd by any other
means.

So in conclusion: the main security problem was solved, but it is
still preferable to use gpg-agent.

sascha
-- 
Sascha Wilde : VI is to EMACS as masturbation is to making love:
             : effective and always available but probably not your
             : first choice...
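
The following is an added example, not part of the original message and not code from gpg-agent, pinentry or Emacs. It sketches the general POSIX technique for keeping a secret out of swap: hold it in whole pages pinned with `mlock()` and overwrite them before release. The `secret_buf` type and its functions are hypothetical names chosen for this illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: page-aligned storage for one secret. */
struct secret_buf {
    unsigned char *data;  /* start of the mapping, NULL when unused */
    size_t len;           /* usable size, a whole number of pages */
    int locked;           /* 1 if mlock() succeeded, 0 otherwise */
};

/* Map whole pages and ask the kernel to keep them resident (not swapped). */
int secret_buf_init(struct secret_buf *b, size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0) return -1;
    b->len = ((want + (size_t)page - 1) / (size_t)page) * (size_t)page;
    b->data = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->data == MAP_FAILED) {
        b->data = NULL;
        return -1;
    }
    /* mlock() can fail (RLIMIT_MEMLOCK, missing privilege). Record the
       result so the caller can decline to keep a secret in unlocked pages. */
    b->locked = (mlock(b->data, b->len) == 0);
    return 0;
}

/* Overwrite through a volatile pointer so the stores are not optimised away. */
void secret_buf_wipe(struct secret_buf *b)
{
    volatile unsigned char *p = b->data;
    for (size_t i = 0; i < b->len; i++)
        p[i] = 0;
}

/* Wipe first, then unlock and unmap, so no page is released with plaintext. */
void secret_buf_free(struct secret_buf *b)
{
    if (!b->data) return;
    secret_buf_wipe(b);
    if (b->locked) munlock(b->data, b->len);
    munmap(b->data, b->len);
    b->data = NULL; b->len = 0; b->locked = 0;
}
```

If `locked` is 0 the pages can still be swapped out, so a caller should treat that as a reason not to keep the secret in memory.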



