[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security flaw in pgg-gpg-process-region?

From: Miles Bader
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Mon, 04 Sep 2006 11:25:48 +0900

Daiki Ueno <address@hidden> writes:
>> > In current Emacs CVS in fact `call-process-region' uses temp files.
>> > Bad.  I think this is a severe security problem, isn't it?
>> Why?  AFAICS, Emacs uses mkstemp when available, which should get the
>> permissions right.
> May I answer the question on behalf of Reiner Steib?
> When decrypting PGP messages PGG will send your passphrase along with
> data, so if Emacs process is killed and you have stolen your note PC,
> your passphrase can also be stolen from the temp file.

It would probably be fairly simple to change the implementation to
unlink the temp file _before_ writing the contents and pass only the
still-open file-descriptor (after rewinding) to Fcall_process (or
rather, to some common subroutine derived from Fcall_process).

I suppose the annoying part would be making sure everything still worked
on systems like ms-windows; I don't know if they support the common
"open and unlink before using" idiom for temp files in unix.

Quidquid latine dictum sit, altum viditur.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]