Re: [O] org-crypt.el security problem (From: Milan Zamazal)

[Bastien]

Hi Peter,

Peter Jones <address@hidden> writes:

> Here is an email I received from Milan Zamazal:
>
> ,----
> | I don't know whether you are aware of this, but I consider it a serious
> | security problem of org-crypt.el in (at least) Emacs 23.2:
> | 
> | I've found out that when I edit a (decrypted) crypt entry and the edited
> | file is autosaved, the autosaved file contains the given crypt entry in
> | plain text.  So unless the user has got a special arrangement of storing
> | autosave files to a secure location where they are also deleted
> | securely, the secret content may be accessed either in the autosave file
> | directly, or it may be later retrieved by an off-line attacker from the
> | deleted file content that remained stored somewhere on the disk.
> | 
> | This should be fixed or at least a big warning should be placed in
> | org-crypt.el.
> `----
>
> I don't have time to look into this.  Would someone please see if there
> is a way to prevent it.  Off the top of my head, the only thing I can
> think of is disabling autosave for any org buffer that uses org-crypt.
>
> Hopefully there's an autosave hook where you can encrypt the headings
> and save to disk using a temporary buffer without having to alter the
> current buffer and interrupt the user by encrypting a heading that is
> being edited.

Actually that would be nice, but there is no such hook.  
Only `auto-save-hook', which operates on the visited buffer.

I didn't find a satifactory way of dealing with this issue.  

For now, loading org-crypt will send a warning advising the
user to turn auto-save-mode off in org buffers containing 
crypted entries.

Thanks for bringing this up,

-- 
 Bastien