Re: Fix needed for communication with gpg-agent

From: Richard Stallman
Subject: Re: Fix needed for communication with gpg-agent
Date: Fri, 23 Feb 2007 17:09:31 -0500

    I think this suggestion is based on a misunderstanding -- the security
    problems in the current implementation (when not using gpg-agent) have
    nothing to do with caching, it comes from the fact that emacs writes
    the passphrase to a temporary file (which is then fed to gpg).

Thanks for filling in that important detail.
(This is why I said we needed to involve you in the discussion
before deciding what to do.)

If all we have to do is avoid passing it thru a temporary file,
there must be lots of other ways to avoid that.  Could it be passed
through a pipe or a socket?

Someone says it already is:

    The current version of pgg in Emacs CVS uses start-process to create
    an asynchronous gpg process, and communicates with it using
    process-send-string.  On systems that support ptys, Emacs communicates
    with asynchronous processes through ptys (see create_process in
    process.c:1815), not tempfiles.

    Unless there is some security risk in the way we use ptys that I'm not
    aware of, I don't think there is a problem in the way we communicate
    with gpg.

Does this mean the problem is already fixed?
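
The pipe-based hand-off discussed in this message, as an added example that is not part of the original message and is not pgg's code: the passphrase goes to gpg over the child's stdin pipe and never touches a file. It assumes Emacs 25 or later (`make-process`) and a gpg that accepts `--passphrase-fd`; the `my/` names are hypothetical.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example, not pgg's code.  Assumes Emacs 25+ (make-process) and a
;; gpg that accepts --passphrase-fd; `my/' names are hypothetical.

(defun my/gpg-decrypt-file (file callback)
  "Decrypt FILE with gpg, handing the passphrase over a pipe, never a file.
CALLBACK is called with the exit status and the plaintext when gpg exits."
  (let ((pass (read-passwd "Passphrase: "))
        (out (generate-new-buffer " *my/gpg-out*")))
    (unwind-protect
        (let ((proc
               (make-process
                :name "my/gpg"
                :buffer out
                ;; Keep gpg's diagnostics out of the plaintext buffer.
                :stderr (get-buffer-create " *my/gpg-err*")
                ;; Force a pipe; Emacs otherwise defaults to a pty.
                :connection-type 'pipe
                :coding 'binary
                :noquery t
                :command (list "gpg" "--batch" "--no-tty"
                               ;; Assumption: GnuPG 2.1+; omit for 1.4/2.0.
                               "--pinentry-mode" "loopback"
                               ;; fd 0 is the child's stdin, i.e. this pipe.
                               "--passphrase-fd" "0"
                               "--decrypt" (expand-file-name file))
                :sentinel
                (lambda (p _event)
                  (unless (process-live-p p)
                    (unwind-protect
                        (funcall callback (process-exit-status p)
                                 (with-current-buffer out (buffer-string)))
                      ;; Do not leave plaintext in a lingering buffer.
                      (kill-buffer out)))))))
          ;; gpg reads one line from the fd.  Send the newline separately so
          ;; this code does not build a second string holding the passphrase.
          (process-send-string proc pass)
          (process-send-string proc "\n")
          (process-send-eof proc)
          proc)
      ;; Zero this string's contents whether or not gpg was started.
      (clear-string pass))))
```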
