Re: pgp/gpg password, temp file?

2000-03-30 Thread Thomas Roessler
On 2000-03-30 15:14:38 +0100, Chris Tilbury wrote: > SSH does something like this - there's a "ssh-agent" > program which you add keys to from your keyring by > running a program. Guess where the wording "passphrase-agent" came from. ;-) -- http://www.guug.de/~roessler/

Re: pgp/gpg password, temp file?

2000-03-30 Thread Chris Tilbury
On Thu, Mar 30, 2000 at 01:20:09PM +0200, Thomas Roessler muttered: > On 2000-03-30 12:06:42 +0100, Edmund GRIMLEY EVANS wrote: > > > I was thinking of something simpler: mutt spawns a suid > > program called muttpgphelper, say, and gives the > > passphrase to this program. When mutt wants to in

Re: pgp/gpg password, temp file?

2000-03-30 Thread Jason Helfman
I didn't expect to start a religious war, but being Jewish, I can appreciate this. I just wanted to know why. It was cached temporarily was enough for me, but the responses were intriguing. :> On Thu, Mar 30, 2000 at 01:20:09PM +0200, Thomas Roessler muttered: > On 2000-03-30 12:06:42 +0100,

Re: pgp/gpg password, temp file?

2000-03-30 Thread Terje Elde
* Thomas Roessler ([EMAIL PROTECTED]) [000330 13:27]: > > I was thinking of something simpler: mutt spawns a suid > > program called muttpgphelper, say, and gives the > > passphrase to this program. When mutt wants to invoke > > gnupg it sends a request down a pipe to muttpgphelper > > which then

Re: pgp/gpg password, temp file?

2000-03-30 Thread Thomas Roessler
On 2000-03-30 12:06:42 +0100, Edmund GRIMLEY EVANS wrote: > I was thinking of something simpler: mutt spawns a suid > program called muttpgphelper, say, and gives the > passphrase to this program. When mutt wants to invoke > gnupg it sends a request down a pipe to muttpgphelper > which then invok

Re: pgp/gpg password, temp file?

2000-03-30 Thread Terje Elde
* Edmund GRIMLEY EVANS ([EMAIL PROTECTED]) [000330 13:06]: > I was thinking of something simpler: mutt spawns a suid program called > muttpgphelper, say, and gives the passphrase to this program. When > mutt wants to invoke gnupg it sends a request down a pipe to > muttpgphelper which then invokes

Re: pgp/gpg password, temp file?

2000-03-30 Thread Edmund GRIMLEY EVANS
I was thinking of something simpler: mutt spawns a suid program called muttpgphelper, say, and gives the passphrase to this program. When mutt wants to invoke gnupg it sends a request down a pipe to muttpgphelper which then invokes gnupg and gives the passphrase to gnupg down another pipe. pgp_ti

Re: pgp/gpg password, temp file?

2000-03-30 Thread Terje Elde
* Christopher Smith ([EMAIL PROTECTED]) [000330 02:09]: > -you still need some authentication mechanism between gnupgd and > applications, and this must somehow be fairly secure. I believe ssh2 > relies on process parent/child relationships to do > authorization/authentication and I don't see this

Re: pgp/gpg password, temp file?

2000-03-29 Thread Christopher Smith
On Tue, Mar 28, 2000 at 02:09:20PM +0100, Edmund GRIMLEY EVANS wrote: > Thomas Roessler <[EMAIL PROTECTED]>: > > > Perhaps another solution would be to have a separate > > > suid program that remembers the passphrase and > > > communicates somehow with the mutt process ... > > > > This would be u

Re: pgp/gpg password, temp file?

2000-03-28 Thread Terje Elde
* Thomas Roessler ([EMAIL PROTECTED]) [000328 14:57]: > > Perhaps another solution would be to have a separate > > suid program that remembers the passphrase and > > communicates somehow with the mutt process ... > > This would be useless, since mutt would have to store that > communication somew

Re: pgp/gpg password, temp file?

2000-03-28 Thread Edmund GRIMLEY EVANS
Thomas Roessler <[EMAIL PROTECTED]>: > > Perhaps another solution would be to have a separate > > suid program that remembers the passphrase and > > communicates somehow with the mutt process ... > > This would be useless, since mutt would have to store that > communication somewhere. Thus, the

Re: pgp/gpg password, temp file?

2000-03-28 Thread Terje Elde
* Thomas Roessler ([EMAIL PROTECTED]) [000328 14:57]: > While this may sound nice in theory, I really don't want > to maintain a program of the size of mutt running setuid > root. You are free to fork off a version which does this. > > (I.e., we can stop this discussion.) Sorry for violating th

Re: pgp/gpg password, temp file?

2000-03-28 Thread Thomas Roessler
On 2000-03-28 13:37:37 +0100, Edmund GRIMLEY EVANS wrote: > Perhaps another solution would be to have a separate > suid program that remembers the passphrase and > communicates somehow with the mutt process ... This would be useless, since mutt would have to store that communication somewhere.

Re: pgp/gpg password, temp file?

2000-03-28 Thread Thomas Roessler
On 2000-03-28 12:56:50 +0200, Terje Elde wrote: > And on those systems where it does need root, I say the > best thing is to give the choice to the user. While this may sound nice in theory, I really don't want to maintain a program of the size of mutt running setuid root. You are free to fork

Re: pgp/gpg password, temp file?

2000-03-28 Thread Edmund GRIMLEY EVANS
Thomas Roessler <[EMAIL PROTECTED]>: > > I would vote in flavour of allowing mutt to be run as > > root, only to lock the memory blocks, then su to the > > user fast as hell. I'm not saying this is the right way > > for all users, but it might be a desirable feature for > > some. > > *grrr* > >

Re: pgp/gpg password, temp file?

2000-03-28 Thread Terje Elde
* Lars Hecking ([EMAIL PROTECTED]) [000328 12:31]: > Just like gpg, mutt could make use of mlock() where available. > It doesn't require root privileges on all systems. And on those systems where it does need root, I say the best thing is to give the choice to the user. Terje -- Tuj uh yaau f

Re: pgp/gpg password, temp file?

2000-03-28 Thread Lars Hecking
> > I would vote in flavour of allowing mutt to be run as > > root, only to lock the memory blocks, then su to the > > user fast as hell. I'm not saying this is the right way > > for all users, but it might be a desirable feature for > > some. > > *grrr* > > We don't go to great lengths with mu

Re: pgp/gpg password, temp file?

2000-03-28 Thread Ralf Hildebrandt
On Tue, Mar 28, 2000 at 11:26:19AM +0100, Lars Hecking wrote: > Just like gpg, mutt could make use of mlock() where available. > It doesn't require root privileges on all systems. This mlock() stuff in GPG is giving me the hives (on HP-UX 10.20) -- Ralf Hildebrandt <[EMAIL PROTECTED]> www.st

Re: pgp/gpg password, temp file?

2000-03-28 Thread Thomas Roessler
On 2000-03-28 11:08:20 +0200, Terje Elde wrote: > I would vote in flavour of allowing mutt to be run as > root, only to lock the memory blocks, then su to the > user fast as hell. I'm not saying this is the right way > for all users, but it might be a desirable feature for > some. *grrr* We don

Re: pgp/gpg password, temp file?

2000-03-28 Thread Thomas Roessler
On 2000-03-27 22:50:11 -0600, Jason Helfman wrote: > I notice that when pgp-signing something a mail > message, I need to enter my password, respectively. > However, if I send another message, pgp-signing, again. > There is no need to enter my password. Is this being > passed to a temp file? It'

Re: pgp/gpg password, temp file?

2000-03-28 Thread Terje Elde
* Edmund GRIMLEY EVANS ([EMAIL PROTECTED]) [000328 10:52]: > However, a copy of the passphrase may still be left in your swap > partition. (I think that only a process running as root can prevent > memory from being written to swap, and even then only on some systems. > If this is incorrect, perha

Re: pgp/gpg password, temp file?

2000-03-28 Thread Edmund GRIMLEY EVANS
Jason Helfman <[EMAIL PROTECTED]>: > I notice that when pgp-signing something a mail message, I need to enter > my password, respectively. However, if I send another message, > pgp-signing, again. There is no need to enter my password. Is this being > passed to a temp file? It's stored in memory

pgp/gpg password, temp file?

2000-03-27 Thread Jason Helfman
I notice that when pgp-signing something a mail message, I need to enter my password, respectively. However, if I send another message, pgp-signing, again. There is no need to enter my password. Is this being passed to a temp file? -- /helfman "At any given moment, you may find the ticket to t