Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5

[Daiki Ueno]

Ted Zlatanov <address@hidden> writes:

> What do you think happens when you open a .gpg file using GnuPG
> externally, even disregarding the OS channels traveled?  That data is
> certainly not safe from defadvice.

Didn't I ever say:

- Once an attacker successfully takes over your desktop session, he can
  do almost everything.  We can't do much on that situation.  Why don't
  you lock the screen before leaving?

- More possible threat is inspecting persistent data (e.g. core files on
  a disk attached to a stolen note PC).  GnuPG is designed to be secure
  against this, using "secure core".

- On the other hand, Emacs copies small strings around.  If passwords
  (normally not too long) are managed poorly in Emacs, they might appear
  repeatedly in a core file, when it crashes.

> Emacs as a whole could use a way to hide "data not intended for direct
> user inspection" better, and provide for a "tainting" trace of data
> (to use the Perl term).

Interesting.  Any prior art on that area?  I haven't heard the word
"tainting" used in that way.  Isn't it for preventing untrusted data
being injected to, say, SQL?
--
Daiki Ueno