[vile] vile's security flaw in gnugpg macros

vile

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vile] vile's security flaw in gnugpg macros

From:	Paul Fox
Subject:	[vile] vile's security flaw in gnugpg macros
Date:	Fri, 11 Apr 2014 13:19:56 -0400

while playing with the gnugpg macros in gnugpg.rc, i noticed that
after an encrypt or decrypt operation, the key used for the operation
is available in plaintext if the user undoes the en/decryption.  (this
is due to the macros making use of the first line of the current
buffer as a holding area for the key -- gpg is invoked as a filter on
that line.)

one fix would be to disable the undo stack across the en/decryption
operation.  i was testing that possibility when i hit the "set" failure
described in my previous mail.

paul
----------------------
 paul fox, address@hidden (arlington, ma, where it's 66.4 degrees)

[Prev in Thread]

Current Thread

[Next in Thread]

[vile] vile's security flaw in gnugpg macros, Paul Fox <=

Prev by Date: [vile] duplicate free core dump with "set"
Next by Date: Re: [vile] duplicate free core dump with "set"
Previous by thread: [vile] duplicate free core dump with "set"
Next by thread: [vile] Colour problem with vile on upgrade from Xubuntu 13.10 to Xubuntu 14.04
Index(es):
- Date
- Thread