[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fix needed for communication with gpg-agent
From: |
Richard Stallman |
Subject: |
Re: Fix needed for communication with gpg-agent |
Date: |
Wed, 21 Feb 2007 03:37:51 -0500 |
> We need to solve this problem one way or another now, because we
> decided to fix a certain security hole by telling users to use
> gpg-agent. We don't need the most elegant possible fix, but we
> need something reasonable to use.
Has anyone ever said that not using gpg-agent causes a security hole
(except for you)?
What a silly question! I am not an expert on security, so such a
concern idea would NEVER originate from me. Thus problem was
described in this list by others, a few months ago.
Basically, the worry is that someone could somehow
change the Elisp code in your Emacs session so that it records your
passphrase as you are entering it. This is a non-zero but minuscule
risk.
I think he could also walk up to your terminal after you have entered
the passphrase, and get it out of data remaining in Emacs.
In the discussion when this was raised, people seemed to agree
it was a problem we should fix. And the only fix was to avoid
storing passphrases in Emacs.
- Re: Fix needed for communication with gpg-agent, (continued)
- Re: Fix needed for communication with gpg-agent, Andreas Schwab, 2007/02/23
- Re: Fix needed for communication with gpg-agent, Kim F. Storm, 2007/02/23
- Re: Fix needed for communication with gpg-agent, Stefan Monnier, 2007/02/23
- Re: Fix needed for communication with gpg-agent, Miles Bader, 2007/02/24
- Re: Fix needed for communication with gpg-agent, Richard Stallman, 2007/02/23
- Re: Fix needed for communication with gpg-agent, Richard Stallman, 2007/02/20
- Re: Fix needed for communication with gpg-agent, Chong Yidong, 2007/02/20
- Re: Fix needed for communication with gpg-agent,
Richard Stallman <=
- Re: Fix needed for communication with gpg-agent, Chong Yidong, 2007/02/21
- Re: Fix needed for communication with gpg-agent, Richard Stallman, 2007/02/22
Re: Fix needed for communication with gpg-agent, Kim F. Storm, 2007/02/20