[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fix needed for communication with gpg-agent

From: Sascha Wilde
Subject: Re: Fix needed for communication with gpg-agent
Date: Sat, 24 Feb 2007 00:41:34 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.93 (gnu/linux)

Richard Stallman <address@hidden> wrote:

>     I think this suggestion is based on a misunderstanding -- the security
>     problems in the current implementation (when not using gpg-agent) has
>     nothing to do with caching, it comes form the fact, that emacs writes
>     the the passphrase to an temporary file (which is then feed to gpg).
> If all we have to do is avoid passing it thru a temporary file,
> there must be lots of other ways to avoid that.  Could it be passed
> through a pipe or a socket?
> Someone says it already is:
> Does this mean the problem is already fixed?

Yes.  This problem was already solved (as said in another mail, I
forgot it was).

But there are still some more subtle security problems left, which
IIRC were discussed in the original thread, too:  If emacs caches the
passphrase there is no way to protect the passphrase from being
written to swap, when the system decides to swap out parts of emacs.

pgp-agent and pinentry on the other hand are trying hard to prevent
the passphrase from getting swaped out or written to hd by any other

So in conclusion: the main security problem was solved, but it is
still preferable to use gpg-agent.

Sascha Wilde : VI is to EMACS as masturbation is to making love:
             : effective and always available but probably not your
             : first choice...

reply via email to

[Prev in Thread] Current Thread [Next in Thread]