Hi Peter, Peter Jones <mli...@pmade.com> writes:
> Here is an email I received from Milan Zamazal: > > ,---- > | I don't know whether you are aware of this, but I consider it a serious > | security problem of org-crypt.el in (at least) Emacs 23.2: > | > | I've found out that when I edit a (decrypted) crypt entry and the edited > | file is autosaved, the autosaved file contains the given crypt entry in > | plain text. So unless the user has got a special arrangement of storing > | autosave files to a secure location where they are also deleted > | securely, the secret content may be accessed either in the autosave file > | directly, or it may be later retrieved by an off-line attacker from the > | deleted file content that remained stored somewhere on the disk. > | > | This should be fixed or at least a big warning should be placed in > | org-crypt.el. > `---- > > I don't have time to look into this. Would someone please see if there > is a way to prevent it. Off the top of my head, the only thing I can > think of is disabling autosave for any org buffer that uses org-crypt. > > Hopefully there's an autosave hook where you can encrypt the headings > and save to disk using a temporary buffer without having to alter the > current buffer and interrupt the user by encrypting a heading that is > being edited. Actually that would be nice, but there is no such hook. Only `auto-save-hook', which operates on the visited buffer. I didn't find a satifactory way of dealing with this issue. For now, loading org-crypt will send a warning advising the user to turn auto-save-mode off in org buffers containing crypted entries. Thanks for bringing this up, -- Bastien
