Re: Documenting gpg-agent
From: Ken Manheimer
Subject: Re: Documenting gpg-agent
Date: Thu, 15 Feb 2007 11:33:47 -0500
i believe the patch/issue discussed below has slipped between the
cracks. pgg-gpg-process-region still disregards a passed-in
passphrase, so that the gpg-agent prompts the user despite it having
been explicitly passed in as a parameter.

i can verify that the patch daiki ueno proposes in the discussion
settles the problem for me. this being a security-related routine, it
would be nice to know that the "right" eyes, and not just "many eyes",
have evaluated it - and everyone waiting for someone else to be the
right eyes may be why it has languished...

i currently have a provision in allout to disable use of gpg-agent
within the critical region where this bug occurs, but it would be
better to correct pgg-gpg-process-region, and remove the workaround
from allout. is there a way to get the change evaluated sufficiently?
--
ken
http://myriadicity.net
On 12/25/06, Daiki Ueno <address@hidden> wrote:
>>>>> In <address@hidden>
>>>>> Richard Stallman <address@hidden> wrote:
> Since allout exploits the use of PGG's passphrase handling functions to
> provide a custom passphrase handling, it's not a bug in PGG or gpg-agent,
> I think.
> I am not convinced of that. He says that PGG was ignoring the
> passphrases that allout passes in. Why isn't that a bug?
I'm sorry that I misunderstood his explanation and the current
gpg-agent support of PGG. I just looked at the code and found it
actually has a bug. PGG checks whether to use a given passphrase or
gpg-agent two times: the first time a given passphrase wins, but
the second time gpg-agent wins. Here is a tiny patch to fix this.
Sascha, can you check this?
Index: lisp/pgg-gpg.el
===================================================================
RCS file: /sources/emacs/emacs/lisp/pgg-gpg.el,v
retrieving revision 1.19
diff -c -r1.19 pgg-gpg.el
*** lisp/pgg-gpg.el 17 Dec 2006 23:18:36 -0000 1.19
--- lisp/pgg-gpg.el 26 Dec 2006 01:00:29 -0000
***************
*** 61,67 ****
"GnuPG ID of your default identity.")
(defun pgg-gpg-process-region (start end passphrase program args)
! (let* ((use-agent (pgg-gpg-use-agent-p))
(output-file-name (pgg-make-temp-file "pgg-output"))
(args
`("--status-fd" "2"
--- 61,67 ----
"GnuPG ID of your default identity.")
(defun pgg-gpg-process-region (start end passphrase program args)
! (let* ((use-agent (and (null passphrase) (pgg-gpg-use-agent-p)))
(output-file-name (pgg-make-temp-file "pgg-output"))
(args
`("--status-fd" "2"
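Review bot: in the changed use-agent binding, (null passphrase) treats every non-nil value as an explicit passphrase, so a caller that passes an empty string "" also switches the agent off; if that is not intended, the test should require a non-empty string rather than just non-nil. The defun also goes straight from its argument list to the let* with no docstring, so the rule this change establishes (a passed-in passphrase takes precedence over gpg-agent) is stated nowhere in the function; a one-line docstring or a comment on the binding would keep the two checks from drifting apart again.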
--
Daiki Ueno