[Q] support for the OS X keychain
Eric Knauel
knauel at informatik.uni-tuebingen.de
Thu Jan 3 04:20:48 EST 2008

Thank you for your suggestions, Stephen! Here's a new version of the
patch.

On Sat 22 Dec 2007 21:17, "Stephen J. Turnbull" <stephen at xemacs.org> writes:

> Which versions have you tested with? Since it's a module, I suppose
> it can be built to be used with *any* XEmacs supporting modules,
> including 21.4? (Vin alert!)

I've tested the module with a recent 21.5 XEmacs with Mule support.
The keychain code relies on TO_EXTERNAL_FORMAT to convert a Lisp
string to a malloced UTF-8 encoded C string (Apple's Carbon API wants
strings encoded as UTF-8). The lisp.h of 21.4 does not seem to have
this macro. I couldn't figure out how to convert the string with
macros of 21.4 yet --- maybe one of the 21.4 developers could give me
some advice?

> (1) The function docstring *must* document the security implications
> of passwords being left in XEmacs's memory. In particular, mention
> the trivial attack via history in M-: (the obvious direct UI to the
> API). Yes, I understand that these are single-user machines and that
> normally the only avenue to root is sudo, in which case the single
> user's system login password has to be compromised anyway. So the
> risks are low. But so is the cost of documentation/education.

Done --- hope that the docstring is clear enough.

> (2) `keychain-add' *should* be given an interactive interface that
> calls `read-password' for the password. While `read-password' is only
> "semi-secure" (as its documentation says), it does limit the risk
> quite a bit. And if you use `read-password', then improvements to it
> will automatically be used in the future.

Good point. Seems to work with the new patch. However, one issue
remains: The `passwd' library must be loaded before calling
`keychain-add' for the first time. I'm wondering whether I have to
"autoload" or "require" the `passwd' library in some sense. I found a
C function called `do_autoload' but I couldn't figure out what this
function does. What do the XEmacs developers suggest in this case?
-Eric
--
"Excuse me --- Di Du Du Duuuuh Di Dii --- Huh Weeeheeee" (Albert King)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: keychain-02.patch
Type: text/x-patch
Size: 19463 bytes
Desc: not available
Url : http://lists.xemacs.org/pipermail/xemacs-patches/attachments/20080103/7a5c1321/keychain-02.bin