emacs-devel

Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region)


From: Reiner Steib
Subject: Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region)
Date: Sat, 02 Sep 2006 13:16:05 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)

[ Adding emacs-devel; therefore not trimming quotes.  See
  <http://thread.gmane.org/gmane.emacs.devel/43396/focus=52626> for
  the rest of the discussion. ]

On Sat, May 06 2006, Reiner Steib wrote:

> On Thu, Apr 27 2006, Romain Francoise wrote:
>
>> Daiki Ueno <address@hidden> writes:
>>
>>> For example, the original PGG does not use `call-process-region' for
>>> security reason -- this function writes data to a temporary file.
>
> Did you check which versions of Emacs or XEmacs do this?  (I don't
> have the C sources here ATM, so I can't check myself.)

In current Emacs CVS in fact `call-process-region' uses temp files.
Bad.  I think this is a severe security problem, isn't it?  I think
this should be fixed before the release.

>>> About three years ago, Gnus decided to use `call-process-region' in
>>> PGG to avoid display blinking.
>>
>> The current version of PGG in the trunk doesn't do that anymore.
>> That sounds like a good enough reason to sync that version in v5-10!
>
> Maybe we should rather revert the change introducing
> `call-process-region' [1]?  

The reversed patch doesn't apply anymore.  Could someone please look
for a possibility to avoid `call-process-region' in
`pgg-gpg-process-region' or suggest an alternative solution?

> Have all the problems that led us to revert pgg-gpg.el before the
> 5.10.8 release been fixed in the trunk version (or in Daiki's
> version)?
>
> Bye, Reiner.
>
> [1]
> ,----[ ChangeLog.2 ]
> | 2003-02-08  Simon Josefsson  <address@hidden>
> | 
> |     * gnus-sum.el (gnus-summary-select-article): Remove blink removal
> |     code that only worked under Emacs.
> | 
> |     * pgg-gpg.el (pgg-gpg-process-region): Don't blink.  From Satyaki
> |     Das <address@hidden>.
> `----
>
> --- pgg-gpg.el        2 Nov 2002 04:27:00 -0000       6.8
> +++ pgg-gpg.el        8 Feb 2003 18:58:23 -0000       6.9
> @@ -59,27 +59,22 @@
>        (errors-buffer pgg-errors-buffer)
>        (orig-mode (default-file-modes))
>        (process-connection-type nil)
> -      process status exit-status)
> +      exit-status)
>      (with-current-buffer (get-buffer-create errors-buffer)
>        (buffer-disable-undo)
>        (erase-buffer))
>      (unwind-protect
>       (progn
>         (set-default-file-modes 448)
> -       (let ((coding-system-for-write 'binary))
> -         (setq process
> -               (apply #'start-process "*GnuPG*" errors-buffer
> -                      program args)))
> -       (set-process-sentinel process #'ignore)
> -       (when passphrase
> -         (process-send-string process (concat passphrase "\n")))
> -       (process-send-region process start end)
> -       (process-send-eof process)
> -       (while (eq 'run (process-status process))
> -         (accept-process-output process 5))
> -       (setq status (process-status process)
> -             exit-status (process-exit-status process))
> -       (delete-process process)
> +          (let* ((coding-system-for-write 'binary)
> +                 (input (buffer-substring-no-properties start end)))
> +            (with-temp-buffer
> +              (when passphrase
> +                (insert passphrase "\n"))
> +              (insert input)
> +              (setq exit-status
> +                    (apply #'call-process-region (point-min) (point-max) 
> program
> +                           nil errors-buffer nil args))))
>         (with-current-buffer (get-buffer-create output-buffer)
>           (buffer-disable-undo)
>           (erase-buffer)
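
Review bot: the added `(insert passphrase "\n")` followed by `call-process-region (point-min) (point-max)` puts the passphrase and the input text into one buffer and hands it to a function that, as stated in this thread, writes its input to a temporary file, so both reach the disk instead of going down a pipe as they did with the removed `process-send-string` and `process-send-region` calls. The `(set-default-file-modes 448)` in the unchanged context (octal 0700) limits the file to its owner, but nothing in this hunk controls where that file is created or how it is erased afterwards. Suggest keeping the `start-process` path for the data and addressing the blinking separately, or at least delivering the passphrase over a channel that is not the temp file.
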
> @@ -87,12 +82,8 @@
>               (let ((coding-system-for-read 'raw-text-dos))
>                 (insert-file-contents output-file-name)))
>           (set-buffer errors-buffer)
> -         (if (memq status '(stop signal))
> -             (error "%s exited abnormally: '%s'" program exit-status))
> -         (if (= 127 exit-status)
> -             (error "%s could not be found" program))))
> -      (if (and process (eq 'run (process-status process)))
> -       (interrupt-process process))
> +         (if (not (equal exit-status 0))
> +             (error "%s exited abnormally: '%s'" program exit-status))))
>        (if (file-exists-p output-file-name)
>         (delete-file output-file-name))
>        (set-default-file-modes orig-mode))))
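
Review bot: the single `(if (not (equal exit-status 0))` test replaces the removed `(= 127 exit-status)` branch, so a missing program is now reported as "exited abnormally: '127'" rather than "could not be found". Suggest keeping the 127 case as its own message ahead of the generic one. The error is still raised inside the `unwind-protect` body, so the `delete-file` and `set-default-file-modes` cleanup in the trailing context runs on failure as well.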

-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/



