PGP timeout patch revisited

To: mutt-dev@xxxxxxxx
Subject: PGP timeout patch revisited
From: David Shaw <dshaw@xxxxxxxxxxxxxxx>
Date: Tue, 27 Apr 2004 09:57:31 -0400
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?body=unsubscribe>
Mail-followup-to: mutt-dev@xxxxxxxx
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.6i

A few months ago, Ben Elliston suggested a change to the pgp_timeout
behavior such that if the cached passphrase was used, the time
remaining before the cache was cleared would be extended.

This is one of those things that is great if you want that behavior
(it lets you have a very low pgp_timeout value), but not great if
someone gets ahold of your session (by continually sending messages,
the attacker can keep your passphrase alive indefinitely).

Anyway, here's a variation on that idea that lets the user pick the
behavior they want.  The current behavior is unchanged, but if they
specify a negative pgp_timeout, Ben's semantics kick in.

David

Index: crypt.c
===================================================================
RCS file: /home/roessler/cvs/mutt/crypt.c,v
retrieving revision 3.24
diff -u -r3.24 crypt.c
--- crypt.c     13 Apr 2004 08:02:12 -0000      3.24
+++ crypt.c     27 Apr 2004 13:53:57 -0000
@@ -123,13 +123,22 @@
       return 1; /* handled by gpg-agent */
     }
 
-    if (now < PgpExptime) return 1; /* just use the cached copy. */
+    /* Use the cached copy? */
+    if (now < PgpExptime)
+      {
+       /* If the timeout is negative, extend the expiration time. */
+       if(PgpTimeout<0)
+         PgpExptime = time (NULL) + abs(PgpTimeout);
+
+       return 1;
+
+      }
     crypt_pgp_void_passphrase ();
       
     if (mutt_get_password (_("Enter PGP passphrase:"),
                            PgpPass, sizeof (PgpPass)) == 0)
     {
-      PgpExptime = time (NULL) + PgpTimeout;
+      PgpExptime = time (NULL) + abs(PgpTimeout);
       return (1);
     }
     else
Index: init.h
===================================================================
RCS file: /home/roessler/cvs/mutt/init.h,v
retrieving revision 3.47
diff -u -r3.47 init.h
--- init.h      13 Apr 2004 08:02:12 -0000      3.47
+++ init.h      27 Apr 2004 13:54:01 -0000
@@ -1448,8 +1448,10 @@
   { "pgp_timeout",     DT_NUM,  R_NONE, UL &PgpTimeout, 300 },
   /*
   ** .pp
-  ** The number of seconds after which a cached passphrase will expire if
-  ** not used.
+  ** The number of seconds after which a cached passphrase will
+  ** expire.  If the value is negative, then the time remaining for
+  ** the passphrase is reset to the specified number of seconds each
+  ** time the cached passphrase is used.
   ** (PGP only)
   */
   { "pgp_sort_keys",   DT_SORT|DT_SORT_KEYS, R_NONE, UL &PgpSortKeys, 
SORT_ADDRESS },

Attachment: pgpyYqum6g2cF.pgp
Description: PGP signature

Prev by Date: Re: [patch] crypto modularization
Next by Date: [patch] width parameter in mailcap
Previous by thread: patchset
Next by thread: [patch] width parameter in mailcap
Index(es):
- Date
- Thread