bug#38125: 27.0.50; All "https" connections require ".authinfo.gpg" access

bug#38125: 27.0.50; All "https" connections require ".authinfo.gpg" access

José L. Doménech

https connections seem to access the .authinfo.gpg file.

Reproducible with:

$ gpgconf --reload gpg-agent
$ emacs -Q
M-x package-list-packages
[trying to access to .authinfo.gpg]
M-x eww <enter> https://www.fsf.org
[trying to access to .authinfo.gpg]


In GNU Emacs 27.0.50 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.22.30)
 of 2019-11-08 built on JTPEE330
Repository revision: 42eaac3134ee199ffb20863c42c1867d25b33623
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12004000
System Description: Ubuntu 18.04.3 LTS

Recent messages:
Package refresh done
Setting ‘package-selected-packages’ temporarily since "emacs -q" would overwrite customizations
Failed to download ‘gnu’ archive.
Contacting host: www.fsf.org:443
Decrypting /home/jose/.authinfo.gpg...done
epa-file-insert-file-contents: Opening input file: Decryption failed,
Contacting host: www.google.es:80
uncompressing publicsuffix.txt.gz...done
You can run the command ‘eww’ with G
uncompressing publicsuffix.txt.gz...done

Configured using:
 'configure --with-mailutils'

Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND GPM DBUS GSETTINGS GLIB NOTIFY INOTIFY
ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE HARFBUZZ M17N_FLT LIBOTF XFT ZLIB
TOOLKIT_SCROLL_BARS GTK3 X11 XDBE XIM MODULES THREADS PDUMPER LCMS2 GMP

Important settings:
  value of $LANG: es_ES.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.




bug#38125: 27.0.50; All "https" connections require ".authinfo.gpg" access

Robert Pluim
>>>>> On Fri, 08 Nov 2019 11:46:46 +0100, José L. Domenech <[hidden email]> said:

    José> https connections seem to access the .authinfo.gpg file.

    José> Reproducible with:

    José> $ gpgconf --reload gpg-agent
    José> $ emacs -Q
    José> M-x package-list-packages
    José> [trying to access to .authinfo.gpg]
    José> M-x eww <enter> https://www.fsf.org
    José> [trying to access to .authinfo.gpg]

OK. What problems does that cause?

Robert




bug#38125: 27.0.50; All "https" connections require ".authinfo.gpg" access

Robert Pluim

Please keep [hidden email] in the CC

>>>>> On Fri, 08 Nov 2019 14:11:33 +0100, José L. Domenech <[hidden email]> said:

    José> It's annoying and suspicious.

Emacs reads files off the disk all the time, I donʼt see why this
would be any more suspicious.

    José> Give permissions to a file containing sensible content when it is not
    José> really necessary (at least I do not keep in this file any information that can be
    José> used in a https connection) or a trivial operation (like surfing the
    José> Internet) fails.

You donʼt keep any such information there, but other people do, and
'surfing the internet' doesnʼt count as trivial these days. My browser
reads a list of passwords all the time without ever asking me anything.

Anyway, since the epa file handler does not react well to you
cancelling decryption, and thereʼs no way that I can see to tell it to
not pop up that failure buffer, the only recourse I see is for you to
customize 'network-stream-use-client-certificates' to nil.

Robert




bug#38125: 27.0.50; All "https" connections require ".authinfo.gpg" access

Robert Pluim
tags 38125 fixed
close 38125 27.1
quit

>>>>> On Fri, 08 Nov 2019 19:59:31 +0100, José L. Domenech <[hidden email]> said:

    José> Thanks for your time and sorry for any inconvenience that this report
    José> could have caused you.

No worries. I wrote the relevant code, itʼs my responsibility.

    José> I really wasn't aware of .authinfo containing cert info (as is clearly
    José> stated in the manual)

    >> Anyway, since the epa file handler does not react well to you
    >> cancelling decryption, and thereʼs no way that I can see to tell it to
    >> not pop up that failure buffer, the only recourse I see is for you to
    >> customize 'network-stream-use-client-certificates' to nil.
    >>
    >> Robert

    José> I think it is a good solution (for me) as it simplifies my Internet use from Emacs.

    José> Thanks again for taking the time to instruct me and find a personalized solution.

Thanks for reporting the issue. Iʼm thinking of a way to avoid the
error you get when cancelling the decryption, which will improve
emacs. Iʼll close this bug report.

Robert




bug#38125: 27.0.50; All "https" connections require ".authinfo.gpg" access

Tassilo Horn-6
Robert Pluim <[hidden email]> writes:

>     José> M-x package-list-packages
>     José> [trying to access to .authinfo.gpg]
>
> OK. What problems does that cause?

FWIW, it forces me to enter my GPG password when I habitually fetch ELPA
updates in the morning.  That's mildly annoying though I'd usually have
to enter it some time later anyway when accessing some encrypted file or
reading my mail.

Bye,
Tassilo