[PATCH] Add inside-Emacs mode to GUI pinentry programs
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri May 29 17:17:21 CEST 2015
On Thu 2015-05-28 07:49:16 -0400, Neal H. Walfield wrote:
> I don't think I'll find time today, but I'll take a look at it in the
> next few days.
I'm sorry i haven't had the time to look into this more deeply myself.
Scanning the code, it looks like it has a sensible general structure,
as long as the change to gpg's common/session-env.c is set.
however, doing this seems like it might open up a possible hole in the
protections offered by the agent, so i think we need to proceed
thoughtfully. If the requester can instruct the agent to talk to
arbitrary emacs sessions, then an attacker with access to the agent's
socket can potentially do things like mount password-guessing attacks
without any visibility to the user.
It's possible that this kind of attack is already available to an
attacker who has access to both the gpg-agent socket and an allocated
TTY, via sending the TTY environment variable to the agent, which then
passes it on to pinentry -- so maybe the argument would be that this is
not strictly any worse? Do we care about these kind of attacks?
More information about the Gnupg-devel