Re: auth-source patch for secure logging
From: Chong Yidong
Subject: Re: auth-source patch for secure logging
Date: Thu, 16 Jul 2009 11:32:48 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.96 (gnu/linux)

Ted Zlatanov <address@hidden> writes:
> Attached is a patch to auth-source.el that:
>
> - introduces auth-source-debug
> - sets it to nil by default, so no logging is done (this changes the
> previous behavior where we always log to *Messages*)
> - allows t (relay to 'message) and any function as options for that
> variable
>
> It's against the Gnus CVS, but Emacs CVS has the same contents.
>
> If it's possible to include this in the upcoming release, I think it
> would improve security for Emacs users. It's not a critical fix,
> however, so I will defer to the maintainers to decide.
>
> If it's accepted, please commit it to the Emacs CVS and then Miles can
> sync it back to the Gnus CVS.

Let's not check this into the branch. These messages are not logged by
default anyway, since gnus-verbose defaults to 7.

It may be checked into the trunk, with the following caveats:

> (defcustom auth-source-debug nil
> "Whether auth-source should log debug messages.
> Also see `auth-source-hide-passwords'.
>
> Can be t, which means to use `message'. Be careful, your
> authentication data will be in the clear (except for passwords,
> which are always cleared)..
>
> Can also be a function, in which case the function should take
> the same parameters as `message'."
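
Review bot: The clear-text warning in this docstring is attached only to the t case ("Be careful, your authentication data will be in the clear"), but the function case is documented as taking the same parameters as `message', so a custom function is handed the same data. Suggest wording the warning so it covers every non-nil value, stating what nil does, and dropping the doubled period after "always cleared)".
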

This docstring could be improved. I suggest:

"Whether auth-source should log debug messages.
Also see `auth-source-hide-passwords'.
If the value is nil, debug messages are not logged.
If the value is t, debug messages are logged with `message'.
In that case, your authentication data will be in the
clear (except for passwords, which are always stripped out).
If the value is a function, debug messages are logged by calling
that function using the same arguments as `message'."

The docstring of auth-source-hide-passwords should also mention that
it's only relevant if auth-source-debug is non-nil.

> (defun auth-source-do-debug (&rest msg)
> ;; set logger to either the function in auth-source-debug or 'message
> ;; note that it will be 'message if auth-source-debug is nil, so
> ;; we also check the value
> (let ((logger (if (functionp auth-source-debug)
> auth-source-debug
> 'message)))
> (when auth-source-debug
> (apply logger msg))))
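
Review bot: auth-source-do-debug has no docstring; the comment at the top of the body explains how the `let' binding is chosen rather than what a caller can expect. Suggest a docstring saying that MSG is a format string plus arguments as for `message', and that nothing is logged when auth-source-debug is nil.
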
You should put the `when' check on the outside.