--- Begin Message ---
|
Subject: |
24.3.50; epa-file.el: decrypted contents get inserted into the wrong buffer |
|
Date: |
Mon, 02 Dec 2013 22:26:04 +0600 |
hi,
it's a race condition while opening a file using epa-file.el to decrypt
its contents on the fly, and something else closing the buffer.
i have a timed function that auto-closes *.gpg buffers after a given
time of inactivity:
http://dwim.hu/darcsweb/darcsweb.cgi?r=HEAD%20hu.dwim.environment;a=headblob;f=/user/attila.lendvai/init.el#l72
the following simplified version can be used to reproduce the issue:
(defun %kill-gpg-buffers ()
;; automatically delete *.gpg buffers
(dolist (buffer (copy-list (buffer-list)))
(with-current-buffer buffer
(when (and (string-match ".*\.gpg$" (buffer-name))
;; a sloppy workaround: (> (buffer-size) 0)
)
(message "Auto-killing .gpg buffer '%s'" (buffer-name buffer))
(kill-buffer buffer)))))
(run-with-timer 0.1 0.1 '%kill-gpg-buffers)
;; (cancel-function-timers '%kill-gpg-buffers)
note that gpg-agent can introduce a long delay when asking the user for
the key password, which significantly raises the probability of
triggering this (i managed to save decrypted content into files where i
shouldn't have).
a possible fix is to add a check to the right place that ensures that
the current-buffer has not changed. i've experimented with this and that
in epa-file-insert-file-contents, but my emacs background knowledge is
too limited to efficiently deal with this security hole.
if it'll be rejected as a wontfix, then please advise how to implement
the autoclosing feature.
thank you for your time,
--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“Once the fabric of a just society is undone, it takes generations to weave it
back together.”
— Deepak Chopra
In GNU Emacs 24.3.50.1 (x86_64-pc-linux-gnu, GTK+ Version 3.4.2)
of 2013-04-20 on dex, modified by Debian
(emacs-snapshot package, version 2:20130420-1)
Windowing system distributor `The X.Org Foundation', version 11.0.11204000
System Description: Debian GNU/Linux 7.2 (wheezy)
Configured using:
`configure --build x86_64-linux-gnu --host x86_64-linux-gnu
--prefix=/usr --sharedstatedir=/var/lib --libexecdir=/usr/lib
--localstatedir=/var --infodir=/usr/share/info --mandir=/usr/share/man
--with-pop=yes
--enable-locallisppath=/etc/emacs-snapshot:/etc/emacs:/usr/local/share/emacs/24.3.50/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.3.50/site-lisp:/usr/share/emacs/site-lisp
--without-compress-info --with-crt-dir=/usr/lib/x86_64-linux-gnu/
--with-x=yes --with-x-toolkit=gtk3 --with-imagemagick=yes
CFLAGS='-DDEBIAN -DSITELOAD_PURESIZE_EXTRA=5000 -g -O2'
CPPFLAGS='-D_FORTIFY_SOURCE=2' LDFLAGS='-g -Wl,--as-needed
-znocombreloc''
Important settings:
value of $LANG: en_US.utf8
locale-coding-system: utf-8-unix
default enable-multibyte-characters: t
Major mode: Lisp
Minor modes in effect:
eldoc-mode: t
nxhtml-menu-mode: t
nxhtml-tag-do-also: t
popcmp-group-alternatives: t
popcmp-short-help-beside-alts: t
mlinks-active-links: t
rngalt-minimal-validation-header: t
rngalt-display-validation-header: t
global-edit-server-edit-mode: t
delete-selection-mode: t
ido-everywhere: t
show-paren-mode: t
slime-mode: t
global-whitespace-mode: t
shell-dirtrack-mode: t
tooltip-mode: t
mouse-wheel-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
column-number-mode: t
line-number-mode: t
transient-mark-mode: t
Recent input:
<right> <right> <down> <down> <right> <down> <right>
<right> C-M-. <down> <right> <right> <right> <right>
<right> <right> <right> <right> <M-up> C-q <down> <right>
<right> <right> <right> <right> <right> <right> <right>
M-k <up> <up> <up> <up> <up> <up> <up> <right> <S-down>
<S-down> <S-down> <S-down> <S-down> <S-down> <S-down>
<S-down> <S-down> <S-left> C-, C-M-/ C-. <return> <C-tab>
C-x C-s C-M-b <down> <return> C-h C-x C-s <C-tab> <up>
<C-tab> <C-tab> <down> <up> <C-tab> <up> C-f <backspace>
n o <return> a c c o u <return> <up> <up> <up> <up>
<up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up>
<up> <down> <down> <down> <down> <down> <down> <down>
<down> C-M-b <down> <right> <right> <right> <right>
<right> <right> <right> <right> <return> <next> <next>
<next> <next> <next> <next> <next> <next> <next> <next>
<next> <next> <next> <next> <next> <next> <next> <next>
<next> <next> <next> <next> <next> <next> <next> <next>
<next> <next> <next> <next> <next> <next> <next> <next>
<next> <next> <next> <next> <next> <next> <next> <next>
<next> <next> <next> <next> <next> <next> <prior> <prior>
<prior> <prior> <prior> <prior> <prior> <prior> <prior>
<prior> <prior> <prior> <prior> <prior> <prior> <prior>
<prior> <prior> <prior> <prior> <prior> <prior> <prior>
<prior> <prior> <prior> <prior> <prior> <prior> <prior>
<prior> <prior> <prior> <prior> <prior> <prior> <prior>
<prior> <prior> <prior> <prior> <prior> <prior> <prior>
<prior> <prior> <prior> <prior> <prior> <prior> <prior>
<prior> <prior> <prior> <prior> <prior> <prior> <prior>
<prior> <prior> <prior> <prior> <prior> <prior> <prior>
<up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up>
<up> <C-tab> <down> <down> <down> <down> <up> <down>
<down> <down> <down> <down> <right> <right> <right>
<right> <right> <right> <right> <right> <right> <right>
<right> <right> <right> <right> <right> <right> <right>
<right> <up> <left> <right> <down> <left> <M-right>
<return> <up> ; ; SPC t h i <backspace> <backspace>
<backspace> M-x r e p o r t - e m a c s <return>
Recent messages:
Mark set
Saving file /home/alendvai/.emacs.d/init.el...
Wrote /home/alendvai/.emacs.d/init.el
Decrypting /home/alendvai/notes/accounts.txt.gpg...done
Auto-killing .gpg buffer 'accounts.txt.gpg'
scroll-down-command: Beginning of buffer [17 times]
Auto-saving...done
call-interactively: Text is read-only
delete-backward-char: Text is read-only
call-interactively: End of buffer [12 times]
Load-path shadows:
/home/alendvai/workspace/hu.dwim.environment/emacs/htmlize hides
/usr/share/emacs-snapshot/site-lisp/emacs-goodies-el/htmlize
/usr/share/emacs/24.3.50/site-lisp/debian-startup hides
/usr/share/emacs/site-lisp/debian-startup
/usr/share/emacs/24.3.50/site-lisp/cmake-data/cmake-mode hides
/usr/share/emacs/site-lisp/cmake-mode
/home/alendvai/workspace/hu.dwim.environment/emacs/nxhtml/tests/ert hides
/usr/share/emacs/24.3.50/lisp/emacs-lisp/ert
Features:
(shadow sort mail-extr emacsbug cc-langs cc-mode-expansions cc-mode
cc-fonts cc-guess cc-menus cc-styles cc-align dired-aux conf-mode eldoc
edit-server-htmlize etags css-mode-expansions css-mode nxml-uchnm
rng-xsd xsd-regexp rng-cmpct mule-util arc-mode archive-mode tramp-cache
misearch multi-isearch debug nxhtml-autostart nxhtml-autoload moz
cc-cmds majmodpri nxhtml-menu udev-rinari udev-ecb udev flymake-js
flymake css-color nxhtml-mode html-quote tidy-xhtml ediff-merg
ediff-diff ediff-wind ediff-help ediff-util ediff-mult ediff-init ediff
html-imenu imenu loadhist popcmp xhtml-help mlinks html-toc xml fupd
html-pagetoc foldit appmenu-fold appmenu mumamo sgml-mode rngalt desktop
cc-engine cc-vars cc-defs help-mode flyspell ispell fold-dwim hideshow
html-upl html-site ourcomments-util uniquify recentf tree-widget
the-org-mode-expansions org ob-tangle ob-ref ob-lob ob-table
org-footnote org-src ob-comint ob-keys org-pcomplete org-list org-faces
org-entities noutline outline org-version ob-emacs-lisp ob org-compat
org-macs ob-eval org-loaddefs find-func cal-menu calendar cal-loaddefs
bookmark apropos grep ffip compile gimpedit web-vcs rx url-http tls url
url-proxy url-privacy url-expand url-methods url-history url-auth
url-cookie url-domsuf url-util url-parse url-gw url-vars cus-edit
web-autoload nxhtml-base lua-mode epa-file mu4e mu4e-speedbar speedbar
sb-image ezimage dframe mu4e-main mu4e-view epa epg mu4e-headers
mu4e-compose mu4e-draft mu4e-actions rfc2368 smtpmail sendmail mu4e-mark
mu4e-message html2text mu4e-proc mu4e-utils doc-view jka-compr
image-mode mu4e-lists mu4e-about mu4e-vars hl-line mu4e-meta
expand-region text-mode-expansions nxml-mode-expansions
html-mode-expansions er-basic-expansions expand-region-custom
expand-region-core edit-server dwim-key-bindings dwim-init delsel
slime-sprof slime-tramp slime-fancy slime-fontifying-fu slime-package-fu
slime-scratch slime-fuzzy slime-fancy-trace slime-fancy-inspector
slime-presentations slime-c-p-c slime-editing-commands slime-autodoc
slime-parse slime-sbcl-exts slime-references slime-asdf slime-repl elp
ido paren cus-start cus-load smooth-scrolling warnings scheme slime
hyperspec thingatpt browse-url saveplace findr swbuff hu.dwim.logger
hu.dwim.syntax-sugar hu.dwim.quasi-quote paredit edmacro kmacro
hu.dwim.def goto-last-change whitespace rng-nxml rng-valid rng-loc
rng-uri rng-parse nxml-parse rng-match rng-dt rng-util rng-pttrn nxml-ns
nxml-mode nxml-outln nxml-rap nxml-util nxml-glyph nxml-enc xmltok tramp
tramp-compat auth-source eieio byte-opt bytecomp byte-compile cconv
tramp-loaddefs trampver shell pcomplete advice dired ielm pp comint
ansi-color ring redo darcsum gnus-fun gnus-art mm-uu mml2015 epg-config
mm-view mml-smime smime password-cache dig mailcap gnus-sum nnoo
gnus-group gnus-undo nnmail mail-source gnus-start gnus-spec gnus-int
gnus-range message format-spec rfc822 mml mml-sec mm-decode mm-bodies
mm-encode mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mailabbrev
gmm-utils mailheader gnus-win gnus gnus-ems nnheader gnus-util
mail-utils mm-util mail-prsvr wid-edit easymenu derived add-log
dwim-util help-fns cl-macs gv cl nadvice cl-lib magit-install
emacs-goodies-el emacs-goodies-custom emacs-goodies-loaddefs easy-mmode
time-date tooltip ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd
tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment
lisp-mode register page menu-bar rfn-eshadow timer select scroll-bar
mouse jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
minibuffer loaddefs button faces cus-face macroexp files text-properties
overlay sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process dbusbind inotify
dynamic-setting system-font-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty emacs)
<#secure method=pgpmime mode=sign>
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: bug#16029: 24.3.50; epa-file.el: decrypted contents get inserted into the wrong buffer |
|
Date: |
Mon, 02 Dec 2013 13:56:40 -0500 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) |
> it's a race condition while opening a file using epa-file.el to decrypt
> its contents on the fly, and something else closing the buffer.
Indeed, epg-decrypt-file runs filters and timers, so "anything can
happen". I installed the patch below to try and address this problem,
Stefan
=== modified file 'lisp/epa-file.el'
--- lisp/epa-file.el 2013-10-28 08:04:48 +0000
+++ lisp/epa-file.el 2013-12-02 18:51:23 +0000
@@ -132,6 +132,7 @@
(error)))
(local-file (or local-copy file))
(context (epg-make-context))
+ (buf (current-buffer))
string length entry)
(if visit
(setq buffer-file-name file))
@@ -157,9 +158,10 @@
nil t))
(signal 'file-error
(cons "Opening input file" (cdr error)))))
- (make-local-variable 'epa-file-encrypt-to)
- (setq epa-file-encrypt-to
- (mapcar #'car (epg-context-result-for context 'encrypted-to)))
+ (set-buffer buf) ;In case timer/filter changed/killed it (bug#16029)!
+ (setq-local epa-file-encrypt-to
+ (mapcar #'car (epg-context-result-for
+ context 'encrypted-to)))
(if (or beg end)
(setq string (substring string (or beg 0) end)))
(save-excursion
--- End Message ---