From: Bastien <bzg@altern.org>
To: Peter Jones <mlists@pmade.com>
Cc: emacs-orgmode@gnu.org
Subject: Re: org-crypt.el security problem (From: Milan Zamazal)
Date: Sun, 06 Mar 2011 10:59:07 +0100 [thread overview]
Message-ID: <87aah8lgd0.fsf@altern.org> (raw)
In-Reply-To: <m27hce7wn3.fsf@pmade.com> (Peter Jones's message of "Fri, 04 Mar 2011 08:06:40 -0700")
Hi Peter,
Peter Jones <mlists@pmade.com> writes:
> Here is an email I received from Milan Zamazal:
>
> ,----
> | I don't know whether you are aware of this, but I consider it a serious
> | security problem of org-crypt.el in (at least) Emacs 23.2:
> |
> | I've found out that when I edit a (decrypted) crypt entry and the edited
> | file is autosaved, the autosaved file contains the given crypt entry in
> | plain text. So unless the user has got a special arrangement of storing
> | autosave files to a secure location where they are also deleted
> | securely, the secret content may be accessed either in the autosave file
> | directly, or it may be later retrieved by an off-line attacker from the
> | deleted file content that remained stored somewhere on the disk.
> |
> | This should be fixed or at least a big warning should be placed in
> | org-crypt.el.
> `----
>
> I don't have time to look into this. Would someone please see if there
> is a way to prevent it. Off the top of my head, the only thing I can
> think of is disabling autosave for any org buffer that uses org-crypt.
>
> Hopefully there's an autosave hook where you can encrypt the headings
> and save to disk using a temporary buffer without having to alter the
> current buffer and interrupt the user by encrypting a heading that is
> being edited.
Actually that would be nice, but there is no such hook.
Only `auto-save-hook', which operates on the visited buffer.
I didn't find a satifactory way of dealing with this issue.
For now, loading org-crypt will send a warning advising the
user to turn auto-save-mode off in org buffers containing
crypted entries.
Thanks for bringing this up,
--
Bastien
prev parent reply other threads:[~2011-03-06 9:59 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-04 15:06 org-crypt.el security problem (From: Milan Zamazal) Peter Jones
2011-03-04 15:39 ` Julien Danjou
2011-03-06 10:01 ` Bastien
2011-03-06 10:47 ` Julien Danjou
2011-03-06 17:54 ` Bastien
2011-03-07 11:08 ` Julien Danjou
2011-03-06 9:59 ` Bastien [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87aah8lgd0.fsf@altern.org \
--to=bzg@altern.org \
--cc=emacs-orgmode@gnu.org \
--cc=mlists@pmade.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).