[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5
From: |
Daiki Ueno |
Subject: |
Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5 |
Date: |
Fri, 07 Feb 2014 18:07:35 +0900 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) |
Ted Zlatanov <address@hidden> writes:
> What do you think happens when you open a .gpg file using GnuPG
> externally, even disregarding the OS channels traveled? That data is
> certainly not safe from defadvice.
Didn't I ever say:
- Once an attacker successfully takes over your desktop session, he can
do almost everything. We can't do much on that situation. Why don't
you lock the screen before leaving?
- More possible threat is inspecting persistent data (e.g. core files on
a disk attached to a stolen note PC). GnuPG is designed to be secure
against this, using "secure core".
- On the other hand, Emacs copies small strings around. If passwords
(normally not too long) are managed poorly in Emacs, they might appear
repeatedly in a core file, when it crashes.
> Emacs as a whole could use a way to hide "data not intended for direct
> user inspection" better, and provide for a "tainting" trace of data
> (to use the Perl term).
Interesting. Any prior art on that area? I haven't heard the word
"tainting" used in that way. Isn't it for preventing untrusted data
being injected to, say, SQL?
--
Daiki Ueno
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, (continued)
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Stephen J. Turnbull, 2014/02/06
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, David Kastrup, 2014/02/07
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Stephen J. Turnbull, 2014/02/07
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, David Kastrup, 2014/02/07
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Stephen J. Turnbull, 2014/02/07
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, David Kastrup, 2014/02/07
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Stephen J. Turnbull, 2014/02/07
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Ted Zlatanov, 2014/02/07
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Stephen J. Turnbull, 2014/02/07
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Ted Zlatanov, 2014/02/07
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5,
Daiki Ueno <=
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Ted Zlatanov, 2014/02/07
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Daiki Ueno, 2014/02/08
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Ted Zlatanov, 2014/02/08
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Daiki Ueno, 2014/02/05
Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Ted Zlatanov, 2014/02/04