[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security flaw in pgg-gpg-process-region?

From: gdt
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Wed, 06 Sep 2006 15:33:46 -0400
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (berkeley-unix)

I think there's a higher-level point that hasn't been made explicit,
although I'm sure it's what Daiki is thinking: Anything that can cause
the passphrase to be written to the filesystem is horribly broken; the
whole point of the passphrase is that while the secret key (encrypted
in the passphrase) is on disk, without the passphrase one can't get
the key even if one has the disk.  As soon as the passphrase ends up
on disk, through a temp file, core file, swap space, the plan is
compromised.  Programs like gnupg take care to mlock(2) or similar to
keep key data from being paged out.  (One also needs to disable kernel
crash dumps.)

The right solution might instead be to push for gpg-agent to be
production ready, so that entire notion of emacs dealing with
passphrases can be deprecated.

    Greg Troxel <address@hidden>

Attachment: pgp812pv91cJ1.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]