[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security flaw in pgg-gpg-process-region?
From: |
Chong Yidong |
Subject: |
Re: Security flaw in pgg-gpg-process-region? |
Date: |
Thu, 07 Sep 2006 10:12:32 -0400 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) |
Florian Weimer <address@hidden> writes:
> * Richard Stallman:
>
>> It would probably be fairly simple to change the implementation to
>> unlink the temp file _before_ writing the contents and pass only the
>> still-open file-descriptor (after rewinding) to Fcall_process (or
>> rather, to some common subroutine derived from Fcall_process).
>>
>> We would have to unlink the file before writing the contents into it.
>
> This doesn't achieve much, I'm afraid. Even unnamed files can be
> written to disk by the kernel. It's not much different from
> passphrases stored in process images ending up in the swap file,
> though. I'm pretty sure I looked at the situation when I wrote gpg.el
> a couple of years ago, and decided that all things considered, it's
> not terribly important.
In any case, I've looked into changing Fcall_process_region to do the
unlink-before-write trick, and changing Fcall_process to accept a file
descriptor. It's a rather big and messy job. Since it wouldn't
completely solve the problem anyway, could we postphone this for after
the release?
- Re: Security flaw in pgg-gpg-process-region?, (continued)
- Re: Security flaw in pgg-gpg-process-region?, gdt, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?, Miles Bader, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/07
- Re: Security flaw in pgg-gpg-process-region?, Sascha Wilde, 2006/09/19
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/19
- Re: Security flaw in pgg-gpg-process-region?, Florian Weimer, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?,
Chong Yidong <=
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/07