A few months ago, Ben Elliston suggested a change to the pgp_timeout behavior such that if the cached passphrase was used, the time remaining before the cache was cleared would be extended. This is one of those things that is great if you want that behavior (it lets you have a very low pgp_timeout value), but not great if someone gets ahold of your session (by continually sending messages, the attacker can keep your passphrase alive indefinitely). Anyway, here's a variation on that idea that lets the user pick the behavior they want. The current behavior is unchanged, but if they specify a negative pgp_timeout, Ben's semantics kick in. David
Index: crypt.c =================================================================== RCS file: /home/roessler/cvs/mutt/crypt.c,v retrieving revision 3.24 diff -u -r3.24 crypt.c --- crypt.c 13 Apr 2004 08:02:12 -0000 3.24 +++ crypt.c 27 Apr 2004 13:53:57 -0000 @@ -123,13 +123,22 @@ return 1; /* handled by gpg-agent */ } - if (now < PgpExptime) return 1; /* just use the cached copy. */ + /* Use the cached copy? */ + if (now < PgpExptime) + { + /* If the timeout is negative, extend the expiration time. */ + if(PgpTimeout<0) + PgpExptime = time (NULL) + abs(PgpTimeout); + + return 1; + + } crypt_pgp_void_passphrase (); if (mutt_get_password (_("Enter PGP passphrase:"), PgpPass, sizeof (PgpPass)) == 0) { - PgpExptime = time (NULL) + PgpTimeout; + PgpExptime = time (NULL) + abs(PgpTimeout); return (1); } else Index: init.h =================================================================== RCS file: /home/roessler/cvs/mutt/init.h,v retrieving revision 3.47 diff -u -r3.47 init.h --- init.h 13 Apr 2004 08:02:12 -0000 3.47 +++ init.h 27 Apr 2004 13:54:01 -0000 @@ -1448,8 +1448,10 @@ { "pgp_timeout", DT_NUM, R_NONE, UL &PgpTimeout, 300 }, /* ** .pp - ** The number of seconds after which a cached passphrase will expire if - ** not used. + ** The number of seconds after which a cached passphrase will + ** expire. If the value is negative, then the time remaining for + ** the passphrase is reset to the specified number of seconds each + ** time the cached passphrase is used. ** (PGP only) */ { "pgp_sort_keys", DT_SORT|DT_SORT_KEYS, R_NONE, UL &PgpSortKeys, SORT_ADDRESS },
Attachment:
pgpyYqum6g2cF.pgp
Description: PGP signature