
Re: PGP timeout patch



On Sun, Feb 01, 2004 at 06:54:50PM +0100, Thomas Roessler wrote:
> Sounds good to me.  Any thoughts from others?

If I understand the explanation of the patch, it sounds like it violates
the point of having the pgp/gpg password expire, which is that the mutt
user must provide the password to limit the damage done if someone else
gains access to the mutt session.  Extending the cache time of the
password allows more spoofed e-mails.

> On 2004-01-19 15:08:31 +1100, Ben Elliston wrote:
> > From: Ben Elliston <bje+dated+1074917314.d5e4f1@xxxxxxxxxx>
> > To: mutt-dev@xxxxxxxx
> > Date: Mon, 19 Jan 2004 15:08:31 +1100
> > Subject: PGP timeout patch
> > X-Spam-Level: *
> > 
> > The following (rough) patch refines the PGP passphrase timeout
> > mechanism, such that sending a message with a cached passphrase will
> > restart the expiry timer.  This has the advantage that:
> > 
> >   * sending a continuous stream of messages will prevent Mutt
> >     from repeatedly asking for the passphrase, irritating the user;
> > 
> >   * the user can choose a much lower timeout value as a result.
> > 
> > If the idea of this patch is acceptable, I will tidy it up, make sure
> > that the patch applies cleanly to CVS head and test it.
> > 
> > Cheers, Ben
> > 
> > --- pgp.c.orig      2002-01-10 02:39:28.000000000 +1100
> > +++ pgp.c
> > @@ -55,7 +55,7 @@
> >  
> >  
> >  char PgpPass[STRING];
> > -static time_t PgpExptime = 0; /* when does the cached passphrase expire? */
> > +time_t PgpExptime = 0; /* when does the cached passphrase expire? */
> >  
> >  void pgp_void_passphrase (void)
> >  {
> > 
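Review bot: Dropping `static` from `PgpExptime` in pgp.c turns a file-private expiry timestamp into a global that any translation unit can write, and nothing in this hunk adds a declaration for it to a header. Consider keeping it `static` and adding a small function in pgp.c, next to `pgp_void_passphrase`, that restarts the timer, so the expiry policy stays in one file and callers cannot set an arbitrary deadline.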
> > --- send.c.orig     2002-01-31 09:50:59.000000000 +1100
> > +++ send.c
> > @@ -1611,6 +1611,13 @@ full_fcc:
> >      }
> >    }
> >  
> > +#ifdef HAVE_PGP
> > +  {
> > +    /* Extend the expiry time while messages keep getting sent.  */
> > +    extern time_t PgpExptime;
> > +    PgpExptime = time (NULL) + PgpTimeout;
> > +  }
> > +#endif /* HAVE_PGP */
> >  
> >    rv = 0;
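Review bot: The added block in send.c assigns `PgpExptime = time (NULL) + PgpTimeout;` unconditionally, so as far as these lines show the timer is restarted on every send that reaches this point, whether or not the message used PGP, whether or not a passphrase is cached, and even if the old deadline has already passed. Guard it so the timer is extended only when the cached passphrase was actually used for this message and `time (NULL) < PgpExptime` still holds; since each send pushes the deadline out again, an absolute upper bound counted from the time the passphrase was typed would also keep a steady stream of sends from holding it in memory indefinitely. The block-scope `extern time_t PgpExptime;` should move to a header so the type is checked against the definition in pgp.c.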
> 
> 
> 
> -- 
> Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.

-- 
Will Fiveash
(signing my e-mail with GnuPG so you'll know this came from me and not
 a virus. My key ID is 7D31DC39. Key server: www.keyserver.net)

Attachment: pgpuZI4bbz47Q.pgp
Description: PGP signature
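
The trade-off discussed in this thread, as an added example that is not part of the original messages or of Mutt's code: a passphrase cache whose idle timer restarts on each use, as the patch intends, but only while the entry is still valid and never past a fixed lifetime. The names `pass_cache`, `cache_void`, `cache_store`, `cache_use`, `idle_timeout` and `max_lifetime` are hypothetical, and the fixed lifetime is an assumption that nobody in the thread proposed.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical cache (not Mutt's code): a passphrase with two deadlines. */
struct pass_cache {
  char pass[256];
  time_t idle_deadline; /* sliding: pushed forward on each use */
  time_t hard_deadline; /* fixed when the passphrase is typed */
};

/* Overwrite the passphrase and invalidate the cache. */
static void cache_void(struct pass_cache *c)
{
  volatile char *p = c->pass;
  for (size_t i = 0; i < sizeof c->pass; i++)
    p[i] = 0;
  c->idle_deadline = c->hard_deadline = 0; /* zero deadlines: always expired */
}

/* Store a passphrase the user has just typed at time `now`. */
static void cache_store(struct pass_cache *c, const char *pass, time_t now,
                        time_t idle_timeout, time_t max_lifetime)
{
  cache_void(c);
  strncpy(c->pass, pass, sizeof c->pass - 1);
  c->idle_deadline = now + idle_timeout;
  c->hard_deadline = now + max_lifetime;
}

/* Return 1 and slide the idle deadline if still usable; else wipe, return 0. */
static int cache_use(struct pass_cache *c, time_t now, time_t idle_timeout)
{
  if (now >= c->idle_deadline || now >= c->hard_deadline) {
    cache_void(c); /* an expired entry is wiped, never revived */
    return 0;
  }
  time_t next = now + idle_timeout;
  c->idle_deadline = next < c->hard_deadline ? next : c->hard_deadline;
  return 1;
}

int main(void)
{
  struct pass_cache c = {0};
  cache_store(&c, "constructed-passphrase", 1000, 60, 300); /* constructed */
  for (time_t t = 1050; t <= 1350; t += 50) /* one send every 50 seconds */
    printf("t=%ld usable=%d\n", (long) t, cache_use(&c, t, 60));
}
```

With one send every 50 seconds and a 60-second idle timeout, the passphrase stays usable without a prompt until the 300-second lifetime ends, after which it is wiped and must be typed again.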