[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region)
From: |
Reiner Steib |
Subject: |
Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region) |
Date: |
Sat, 02 Sep 2006 13:16:05 +0200 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux) |
[ Adding emacs-devel; therefore not trimming quotes. See
<http://thread.gmane.org/gmane.emacs.devel/43396/focus=52626> for
the rest of the discussion. ]
On Sat, May 06 2006, Reiner Steib wrote:
> On Thu, Apr 27 2006, Romain Francoise wrote:
>
>> Daiki Ueno <address@hidden> writes:
>>
>>> For example, the original PGG does not use `call-process-region' for
>>> security reason -- this function writes data to a temporary file.
>
> Did you check which versions of Emacs or XEmacs do this? (I don't
> have the C sources here ATM, so I can't check myself.)
In current Emacs CVS in fact `call-process-region' uses temp files.
Bad. I think this is a severe security problem, isn't it? I think
this should be fixed before the release.
>>> About three years ago, Gnus decided to use `call-process-region' in
>>> PGG to avoid display blinking.
>>
>> The current version of PGG in the trunk doesn't do that anymore.
>> That sounds like a good enough reason to sync that version in v5-10!
>
> Maybe we should rather revert the change introducing
> `call-process-region' [1]?
The revered patch doesn't apply anymore. Could someone please look
for a possibility to avoid `call-process-region' in
`pgg-gpg-process-region' or suggest an alternative solution?
> Have all the problems that led us to revert pgg-gpg.el before the
> 5.10.8 release been fixed in the trunk version (or in Daiki's
> version)?
>
> Bye, Reiner.
>
> [1]
> ,----[ ChangeLog.2 ]
> | 2003-02-08 Simon Josefsson <address@hidden>
> |
> | * gnus-sum.el (gnus-summary-select-article): Remove blink removal
> | code that only worked under Emacs.
> |
> | * pgg-gpg.el (pgg-gpg-process-region): Don't blink. From Satyaki
> | Das <address@hidden>.
> `----
>
> --- pgg-gpg.el 2 Nov 2002 04:27:00 -0000 6.8
> +++ pgg-gpg.el 8 Feb 2003 18:58:23 -0000 6.9
> @@ -59,27 +59,22 @@
> (errors-buffer pgg-errors-buffer)
> (orig-mode (default-file-modes))
> (process-connection-type nil)
> - process status exit-status)
> + exit-status)
> (with-current-buffer (get-buffer-create errors-buffer)
> (buffer-disable-undo)
> (erase-buffer))
> (unwind-protect
> (progn
> (set-default-file-modes 448)
> - (let ((coding-system-for-write 'binary))
> - (setq process
> - (apply #'start-process "*GnuPG*" errors-buffer
> - program args)))
> - (set-process-sentinel process #'ignore)
> - (when passphrase
> - (process-send-string process (concat passphrase "\n")))
> - (process-send-region process start end)
> - (process-send-eof process)
> - (while (eq 'run (process-status process))
> - (accept-process-output process 5))
> - (setq status (process-status process)
> - exit-status (process-exit-status process))
> - (delete-process process)
> + (let* ((coding-system-for-write 'binary)
> + (input (buffer-substring-no-properties start end)))
> + (with-temp-buffer
> + (when passphrase
> + (insert passphrase "\n"))
> + (insert input)
> + (setq exit-status
> + (apply #'call-process-region (point-min) (point-max)
> program
> + nil errors-buffer nil args))))
> (with-current-buffer (get-buffer-create output-buffer)
> (buffer-disable-undo)
> (erase-buffer)
> @@ -87,12 +82,8 @@
> (let ((coding-system-for-read 'raw-text-dos))
> (insert-file-contents output-file-name)))
> (set-buffer errors-buffer)
> - (if (memq status '(stop signal))
> - (error "%s exited abnormally: '%s'" program exit-status))
> - (if (= 127 exit-status)
> - (error "%s could not be found" program))))
> - (if (and process (eq 'run (process-status process)))
> - (interrupt-process process))
> + (if (not (equal exit-status 0))
> + (error "%s exited abnormally: '%s'" program exit-status))))
> (if (file-exists-p output-file-name)
> (delete-file output-file-name))
> (set-default-file-modes orig-mode))))
--
,,,
(o o)
---ooO-(_)-Ooo--- | PGP key available | http://rsteib.home.pages.de/
- Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region),
Reiner Steib <=
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/02
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/02
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/03
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/03
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/04
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/04
- Re: Security flaw in pgg-gpg-process-region?, David Kastrup, 2006/09/04
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/05
- Re: Security flaw in pgg-gpg-process-region?, Chong Yidong, 2006/09/05
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/06