<snip> > So i compose my reply, and i'm just about to click the Send button, when i > notice, quite by chance, that the reply is *not* encrypted by default, and i > am not warned about this fact. My reply, and my entire past exchange with > the source, is about to go out in fscking clear text! Most if not all mailers are affected by certain bugs related to this. It "forgets" the passphrase, but does it free the variable? Does it wipe the variable with 0's or random data as soon as it is done with the passphrase, assuming it is supposed to forget it? Does it page to swap? Can this be prevented by running as root, which can do an mlockall()? Is the binary suid root to allow non-root users to mlockall()? Are privileges dropped? Is running suid root the best way to solve this problem? Is a temp file used to create the encrypted message? Is the temp file securely wiped? Where is the temp file written? Can simply encrypting/decrypting by hand and importing/exporting/cutting/pasting into the mail program an easier way to solve this for paranoid users? Most mailers fail one or more of these tests. If this hasn't been discussed, it should be, but it should also be discussed in the context of whether the system running GPG is secure or not, and how hard would it be to exploit the bugs. If someone can access your swap, you have all kinds of problems, not just the possible passphrase recovery from the swap itself. As far as the functional bugs as stated below in mailers, I'm sure there are others as I have seen this type of bug before -- where you are allowed to sent email unencrypted when you think it is encrypted -- although for the life of me I cannot remember the mail program. IIRC I did report the error to the mailer's authors, but switched mailers. I recommend either contacting the authors, writing a patch, or switching mail programs. -- - Simple Nomad ---- thegnome@xxxxxxxx ---- thegnome@xxxxxxxxxxxxxxxxxx - - "Patriotism means to stand by the country. It does not mean to stand - - by the President or any other public official." - Theodore Roosevelt -
Attachment:
signature.asc
Description: This is a digitally signed message part