[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security flaw in pgg-gpg-process-region?
From: |
Daiki Ueno |
Subject: |
Re: Security flaw in pgg-gpg-process-region? |
Date: |
Mon, 04 Sep 2006 11:04:38 +0900 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux) |
>>>>> In <address@hidden>
>>>>> Florian Weimer <address@hidden> wrote:
> * Reiner Steib:
> > In current Emacs CVS in fact `call-process-region' uses temp files.
> > Bad. I think this is a severe security problem, isn't it?
> Why? AFAICS, Emacs uses mkstemp when available, which should get the
> permissions right.
May I answer the question on behalf of Reiner Steib?
When decrypting PGP messages PGG will send your passphrase along with
data, so if Emacs process is killed and you have stolen your note PC,
your passphrase can also be stolen from the temp file.
Regards,
--
Daiki Ueno
- Re: Security flaw in pgg-gpg-process-region?, (continued)
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/04
- Re: Security flaw in pgg-gpg-process-region?, David Kastrup, 2006/09/04
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/05
- Re: Security flaw in pgg-gpg-process-region?, Chong Yidong, 2006/09/05
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/07
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/06
Re: Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region), Richard Stallman, 2006/09/03
Re: Security flaw in pgg-gpg-process-region?, Florian Weimer, 2006/09/03
- Re: Security flaw in pgg-gpg-process-region?,
Daiki Ueno <=
- Re: Security flaw in pgg-gpg-process-region?, Miles Bader, 2006/09/03
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/05
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/05
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/07
- Re: Security flaw in pgg-gpg-process-region?, gdt, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?, Miles Bader, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/07
- Re: Security flaw in pgg-gpg-process-region?, Sascha Wilde, 2006/09/19