Re: NaCl support for Emacs

From: Ted Zlatanov
Subject: Re: NaCl support for Emacs
Date: Tue, 10 Jan 2012 07:51:08 -0500
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.90 (gnu/linux)

On Tue, 10 Jan 2012 06:45:49 -0500 Ted Zlatanov <address@hidden> wrote: 

TZ> On Mon, 09 Jan 2012 19:01:48 -0800 Daniel Colascione <address@hidden> 
DC> On 1/9/12 5:43 PM, Ted Zlatanov wrote:

>>> Calling out to an external process is less secure than using built-in
>>> encryption primitives.  So while in general you're right, in this case
>>> I'll respectfully disagree.  It may be convenient but it's not secure.

DC> If an attacker can read the bytes sent over a pipe between your Emacs
DC> and its GPG subprocess, you've already lost. I'm not sure what
DC> reasonable definition of "secure" you meant to use here.

TZ> I'm being polite.

I sent this off too quickly accidentally.  I was writing that I don't
want to say Emacs is insecure currently, only that it can be made more

To answer your question, the risk of calling an external process is not
limited to just the IPC (although that can be compromised too, depending
on the platform and its security model).  On Unix an attacker can
replace /usr/bin/gpg, for instance--that's much easier than compromising
the kernel.  The risk is in the external dependency, not GPG in
particular.  My point is, if we can gain some security by using
libnettle, which is already part of Emacs when it's compiled with
GnuTLS, then it makes sense to do it.  The cost is minimal.
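
Added example, not part of the original message or of Emacs: a Python audit for the replaced-binary risk described above. It reports any component of the path to `gpg` that an account outside a trusted set owns or can write to. The names `audit_executable` and `trusted_uids` are hypothetical, and treating only uid 0 as trusted is an assumption.

```python
import os
import shutil
import stat

def _ancestors(path):
    """Yield path itself, then each parent directory up to the root."""
    path = os.path.abspath(path)
    while True:
        yield path
        parent = os.path.dirname(path)
        if parent == path:
            return
        path = parent

def audit_executable(path, trusted_uids=frozenset({0})):
    """Return (path, reason) pairs for every component that would let an
    account outside trusted_uids replace the program found at `path`.
    Hypothetical helper written for this example."""
    findings, seen = [], set()
    # Walk the name as found on PATH and its symlink-resolved target.
    for start in (path, os.path.realpath(path)):
        for p in _ancestors(start):
            if p in seen:
                continue
            seen.add(p)
            st = os.lstat(p)
            if st.st_uid not in trusted_uids:
                findings.append((p, "owned by uid %d" % st.st_uid))
            # Mode bits on a symlink are meaningless; its target is
            # covered by the realpath walk. Deliberately strict: any
            # group or other write bit is reported, sticky bit or not.
            if not stat.S_ISLNK(st.st_mode) and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((p, "group- or world-writable"))
    return findings

if __name__ == "__main__":
    gpg = shutil.which("gpg")  # the same PATH lookup a caller would rely on
    if gpg is None:
        print("gpg not found on PATH")
    else:
        for p, reason in audit_executable(gpg):
            print("%s: %s" % (p, reason))
```

A clean result only means no unprivileged account can swap the binary through file permissions; root, or anything able to alter `PATH`, is outside what this check sees.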

