[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security flaw in pgg-gpg-process-region?

From: Richard Stallman
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Thu, 07 Sep 2006 17:13:40 -0400

      As soon as the passphrase ends up
    on disk, through a temp file, core file, swap space, the plan is
    compromised.  Programs like gnupg take care to mlock(2) or similar to
    keep key data from being paged out.  (One also needs to disable kernel
    crash dumps.)

I think that the only feasible way Emacs could do that is with a
special C-level feature.

    The right solution might instead be to push for gpg-agent to be
    production ready, so that entire notion of emacs dealing with
    passphrases can be deprecated.

What's the state of work on this?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]