[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security flaw in pgg-gpg-process-region?

From: Daiki Ueno
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Mon, 04 Sep 2006 11:04:38 +0900
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)

>>>>> In <address@hidden> 
>>>>>   Florian Weimer <address@hidden> wrote:
> * Reiner Steib:

> > In current Emacs CVS in fact `call-process-region' uses temp files.
> > Bad.  I think this is a severe security problem, isn't it?

> Why?  AFAICS, Emacs uses mkstemp when available, which should get the
> permissions right.

May I answer the question on behalf of Reiner Steib?

When decrypting PGP messages PGG will send your passphrase along with
data, so if Emacs process is killed and you have stolen your note PC,
your passphrase can also be stolen from the temp file.

Daiki Ueno

reply via email to

[Prev in Thread] Current Thread [Next in Thread]