[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fix needed for communication with gpg-agent
|
From: |
Chong Yidong |
|
Subject: |
Re: Fix needed for communication with gpg-agent |
|
Date: |
Sun, 25 Feb 2007 14:32:16 -0500 |
|
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.94 (gnu/linux) |
Richard Stallman <address@hidden> writes:
> But there are still some more subtle security problems left, which
> IIRC were discussed in the original thread, too: If emacs caches the
> passphrase there is no way to protect the passphrase from being
> written to swap, when the system decides to swap out parts of emacs.
>
> If we turn off caching of the passphrase in Emacs, does this problem
> go away?
Not really.
The risk here occurs when you have a password stored in cleartext in
memory (for example, it is stored in the Lisp string just before we
are about to send it to gpg). If memory get written to the swap file,
it can be read by root.
This is arguably a security hole because it makes it too easy for root
to find people's passwords (granted, root can easily steal passwords
anyway, but it arguably shouldn't be *this* easy.)
But if you are concerned enough about root stealing your passwords in
this way, you wouldn't mind running in X or performing the other
workarounds that exist for that problem.
- Re: Fix needed for communication with gpg-agent, (continued)
- Re: Fix needed for communication with gpg-agent, Chong Yidong, 2007/02/22
- Re: Fix needed for communication with gpg-agent, Werner Koch, 2007/02/23
- Re: Fix needed for communication with gpg-agent, Chong Yidong, 2007/02/22
- Re: Fix needed for communication with gpg-agent, Sascha Wilde, 2007/02/22
- Re: Fix needed for communication with gpg-agent, Chong Yidong, 2007/02/22
- Re: Fix needed for communication with gpg-agent, Sascha Wilde, 2007/02/23
- Re: Fix needed for communication with gpg-agent, Richard Stallman, 2007/02/24
- Re: Fix needed for communication with gpg-agent, Richard Stallman, 2007/02/23
- Re: Fix needed for communication with gpg-agent, Sascha Wilde, 2007/02/23
- Re: Fix needed for communication with gpg-agent, Richard Stallman, 2007/02/24
- Re: Fix needed for communication with gpg-agent,
Chong Yidong <=
- Re: Fix needed for communication with gpg-agent, Andreas Schwab, 2007/02/25
- Re: Fix needed for communication with gpg-agent, David Kastrup, 2007/02/25
- Re: Fix needed for communication with gpg-agent, Richard Stallman, 2007/02/25
- Re: Fix needed for communication with gpg-agent, Werner Koch, 2007/02/26
- Re: Fix needed for communication with gpg-agent, Richard Stallman, 2007/02/27
- Re: Fix needed for communication with gpg-agent, Werner Koch, 2007/02/27
- Re: Fix needed for communication with gpg-agent, Richard Stallman, 2007/02/27
- Re: Fix needed for communication with gpg-agent, Werner Koch, 2007/02/23
- Re: Fix needed for communication with gpg-agent, Sascha Wilde, 2007/02/23
- Re: Fix needed for communication with gpg-agent, Chong Yidong, 2007/02/23