emacs-devel

Re: auth-source patch for secure logging


From: Chong Yidong
Subject: Re: auth-source patch for secure logging
Date: Thu, 16 Jul 2009 11:32:48 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.96 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> Attached is a patch to auth-source.el that:
>
> - introduces auth-source-debug
> - sets it to nil by default, so no logging is done (this changes the
>   previous behavior where we always log to *Messages*)
> - allows t (relay to 'message) and any function as options for that
>   variable
>
> It's against the Gnus CVS, but Emacs CVS has the same contents.
>
> If it's possible to include this in the upcoming release, I think it
> would improve security for Emacs users.  It's not a critical fix,
> however, so I will defer to the maintainers to decide.
>
> If it's accepted, please commit it to the Emacs CVS and then Miles can
> sync it back to the Gnus CVS.

Let's not check this into the branch.  These messages are not logged by
default anyway, since gnus-verbose defaults to 7.

It may be checked into the trunk, with the following caveats:

> (defcustom auth-source-debug nil
>   "Whether auth-source should log debug messages.
> Also see `auth-source-hide-passwords'.
>
> Can be t, which means to use `message'.  Be careful, your
> authentication data will be in the clear (except for passwords,
> which are always cleared)..
>
> Can also be a function, in which case the function should take
> the same parameters as `message'."
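
Review bot: the second paragraph of the docstring says passwords "are always cleared", while the line above it sends the reader to `auth-source-hide-passwords', a name that implies hiding is optional. The docstring should say which of the two holds, so that someone enabling debugging knows whether a password can reach the log. The "in the clear" warning is also attached only to the t case; the function case passes the same arguments as `message' and deserves the same warning. The sentence ends in a doubled period ("cleared)..").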

This docstring could be improved.  I suggest:

  "Whether auth-source should log debug messages.
Also see `auth-source-hide-passwords'.

If the value is nil, debug messages are not logged.
If the value is t, debug messages are logged with `message'.
 In that case, your authentication data will be in the
 clear (except for passwords, which are always stripped out).
If the value is a function, debug messages are logged by calling
 that function using the same arguments as `message'."

The docstring of auth-source-hide-passwords should also mention that
it's only relevant if auth-source-debug is non-nil.

> (defun auth-source-do-debug (&rest msg)
>   ;; set logger to either the function in auth-source-debug or 'message
>   ;; note that it will be 'message if auth-source-debug is nil, so
>   ;; we also check the value
>   (let ((logger (if (functionp auth-source-debug)
>                   auth-source-debug
>                 'message)))
>     (when auth-source-debug
>       (apply logger msg))))
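
Review bot: in auth-source-do-debug, `logger' is bound before auth-source-debug is tested, so the three comment lines exist only to explain why the 'message fallback is harmless when the variable is nil. Testing first, as in (when auth-source-debug (let ((logger ...)) (apply logger msg))), makes the disabled path an immediate no-op and makes it obvious that nothing is logged by default, at which point the comment can be dropped.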

You should put the `when' check on the outside.
