From: bug#37196 <37196@debbugs.gnu.org>
To: bug#37196 <37196@debbugs.gnu.org>
Subject: Status: 27.0.50; auth-source no longer obfuscates passwords
Date: Thu, 19 Jun 2025 06:05:38 +0000

retitle 37196 27.0.50; auth-source no longer obfuscates passwords
reassign 37196 emacs
submitter 37196 Lars Ingebrigtsen
severity 37196 normal
tag 37196 fixed security
thanks

From: Lars Ingebrigtsen
To: bug-gnu-emacs@gnu.org
Subject: 27.0.50; auth-source no longer obfuscates passwords
Date: Tue, 27 Aug 2019 12:29:43 +0200

Emacs got a better pretty printer for compiled code sometime over the
last few years, and that means that the obfuscator that auth-source uses
no longer works. (It puts the password into a closure.)

With the following in ~/.authinfo

machine foo.bar login zot password foobar

we get

(auth-source-search :max 1 :host "foo.bar")
=> ((:host "foo.bar" :user "zot" :secret #[0 "" [("foobar") (nil)] 3]))

with the "foobar" clearly printed out. This should be fixed by
obfuscating the password in a different way.

Similarly, the printed representation of auth-source-netrc-cache also
has the password in clear text now.

In GNU Emacs 27.0.50 (build 27, x86_64-pc-linux-gnu, GTK+ Version 3.22.11)
 of 2019-08-23 built on marnie
Repository revision: b4065de33cf397b80e15c22740d34b4a03cfdc17
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.11902000
System Description: Debian GNU/Linux 9 (stretch)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

From: Stefan Kangas
To: control@debbugs.gnu.org
Subject: Re: bug#37196: 27.0.50; auth-source no longer obfuscates passwords
Date: Tue, 27 Aug 2019 13:32:38 +0200

tags 37196 security
quit

From: Lars Ingebrigtsen
To: 37196@debbugs.gnu.org
Subject: Re: bug#37196: 27.0.50; auth-source no longer obfuscates passwords
Date: Fri, 20 Sep 2019 22:05:34 +0200

Lars Ingebrigtsen writes:

> Emacs got a better pretty printer for compiled code sometime over the
> last few years, and that means that the obfuscator that auth-source uses
> no longer works. (It puts the password into a closure.)
>
> With the following in ~/.authinfo
>
> machine foo.bar login zot password foobar
>
> we get
>
> (auth-source-search :max 1 :host "foo.bar")
> => ((:host "foo.bar" :user "zot" :secret #[0 "" [("foobar") (nil)] 3]))
>
> with the "foobar" clearly printed out. This should be fixed by
> obfuscating the password in a different way.

I have now done this --

(auth-source-search :max 1 :host "foo.bar")
=> ((:host "foo.bar" :user "zot" :secret #[0 "..." [(103 112 112 99 98 115) (nil) apply string mapcar 1-] 6]))

It's not exactly super-secret, but I think that's as far as we can get
here.

I briefly considered having a per-session nonce stored in memory, and
then using an encryption primitive to obfuscate the data (that would
mean that anybody mistakenly mailing these around wouldn't be able to
root out the password without having access to the running Emacs
instance).

Hm. Now that I typed that, it strikes me that this should be rather
trivial to do with gnutls-symmetric-encrypt on systems where that is
available. I'll give it a go...

> Similarly, the printed representation of auth-source-netrc-cache also
> has the password in clear text now.

This was already OK.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

From: Lars Ingebrigtsen
To: 37196@debbugs.gnu.org
Subject: Re: bug#37196: 27.0.50; auth-source no longer obfuscates passwords
Date: Fri, 20 Sep 2019 22:13:11 +0200

Lars Ingebrigtsen writes:

> Hm. Now that I typed that, it strikes me that this should be rather
> trivial to do with gnutls-symmetric-encrypt on systems where that is
> available. I'll give it a go...

Fortunately I remembered that I had already written all this symmetric
encryption stuff in a separate project, so I just cut and paste a bit.
(I mean, the encryption primitives are already in Emacs, but actually
using them requires a bit of typing...)

(auth-source-search :max 1 :host "foo.bar")
=> ((:host "foo.bar" :user "zot" :secret #[0 "..." ["Ng==-26GRPWrYlJnQAE+8gaEDcg==-DThpcRwaAi5ZBXQZC0rC3g==" (nil) auth-source--deobfuscate] 3]))

There. That's better. It does leak that the password is 6 characters
long, though, but that's a lot less leaky than ... it was before.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

From: Lars Ingebrigtsen
To: control@debbugs.gnu.org
Subject: control message for bug #37196
Date: Fri, 20 Sep 2019 22:13:19 +0200

tags 37196 fixed
close 37196 27.1
quit

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Date: Sat, 19 Oct 2019 11:24:11 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator
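
Added example (not part of the thread and not Emacs code): a Python check that scans text such as a bug-report draft for the three printed :secret forms quoted in this thread and reports what each one discloses to a reader. The regular expressions, the function names, and the reading of the token's last two fields as IV and ciphertext are assumptions based only on the outputs shown above.

```python
import base64
import re

# A printed byte-code closure after :secret, in the shape shown in this thread:
#   #[ARGS "BYTECODE" [CONSTANTS...] DEPTH]
SECRET_RE = re.compile(r':secret\s+#\[\d+\s+"[^"]*"\s+\[(.*?)\]\s+\d+\]', re.S)
B64 = r'[A-Za-z0-9+/]+=*'

def classify(constants):
    """Say what one printed :secret constants vector discloses to a reader."""
    # Third form: one string of three base64 fields joined by "-".
    m = re.match(rf'"({B64})-({B64})-({B64})"', constants)
    if m and "auth-source--deobfuscate" in constants:
        first, *rest = (base64.b64decode(f) for f in m.groups())
        # On the page the first field decodes to the password length; reading
        # the other two as IV and ciphertext is an assumption.
        return {"form": "encrypted", "recovered": None,
                "length": int(first) if first.isdigit() else None,
                "field_sizes": [len(f) for f in rest]}
    # Second form: character codes shifted up by one, undone by `mapcar 1-`.
    m = re.match(r'\(([\d\s]+)\)', constants)
    if m and "1-" in constants.split():
        text = "".join(chr(int(c) - 1) for c in m.group(1).split())
        return {"form": "shifted", "recovered": text, "length": len(text)}
    # First form: the password string itself is a constant of the closure.
    m = re.match(r'\("((?:[^"\\]|\\.)*)"\)', constants)
    if m:
        return {"form": "plaintext", "recovered": m.group(1),
                "length": len(m.group(1))}
    return {"form": "unknown", "recovered": None, "length": None}

def audit(text):
    """Classify every printed :secret closure found in TEXT."""
    return [classify(m.group(1)) for m in SECRET_RE.finditer(text)]

# The three results quoted in this thread, joined into one sample input.
SAMPLE = r'''
((:host "foo.bar" :user "zot" :secret #[0 "" [("foobar") (nil)] 3]))
((:host "foo.bar" :user "zot" :secret #[0 "..." [(103 112 112 99 98 115)
  (nil) apply string mapcar 1-] 6]))
((:host "foo.bar" :user "zot" :secret #[0 "..."
  ["Ng==-26GRPWrYlJnQAE+8gaEDcg==-DThpcRwaAi5ZBXQZC0rC3g==" (nil)
  auth-source--deobfuscate] 3]))
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only the third form keeps the password out of the printed text; its first field still base64-decodes to the length, which is the leak noted in the last reply.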