[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fix needed for communication with gpg-agent

From: Chong Yidong
Subject: Re: Fix needed for communication with gpg-agent
Date: Fri, 23 Feb 2007 18:03:59 -0500
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.94 (gnu/linux)

Richard Stallman <address@hidden> writes:

>     This and for non-X one could suggest to use screen and start gpg-agent
>     using the option
>      --keep-tty
>       Ignore requests to change change the current @code{tty} respective the X
>       window system's @code{DISPLAY} variable.  This is useful to lock the
>       pinentry to pop up at the @code{tty} or display you started the agent.
>     on a different tty than Emacs.  I know that a least one hacker is
>     using it this way.
> That is not an acceptable solution because it calls on the user to
> do something very unusual merely in order to be able to use gpg.

This unusual approach is only if the user wants to use gpg-agent on
the console.

As I've pointed out, the way PGG communicates with gpg is quite
secure, since it is done using a pty instead of a tempfile.  The two
drawbacks to entering the passphrase through PGG is that (a) Emacs is
more complicated that pinentry, so it may be more probable that Emacs
contains an exploitable bug than pinentry, and (b) your cached
passphrase might be recoverable by someone else who uses your console
when you step away.

Note that in case (b), you're screwed anyway: once a malicious
attacker has access to your console, he can install such nastier
attacks (keyboard sniffers, etc) that Emacs/PGG may be the least of
your worries.

So we're left with reason (a).  I think it is sufficient to recommend
using gpg-agent under X; if the user does not want to use X, we can
say to either (i) use PGG's Elisp passphrase caching, and explain how
it's not necessarily the best thing to do because Emacs code may
harbor bugs (though we're not currently aware of any), or (ii) use the
above unusual setup if he wants to use gpg-agent.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]