changeset 9:8db204acd089

emacs password concerns.
author Robert McIntyre <rlm@mit.edu>
date Tue, 12 Mar 2013 12:31:01 +0000
parents 5676533b82d8
children d07e0b902528
files org/emacs-password.org
diffstat 1 files changed, 86 insertions(+), 0 deletions(-)
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/org/emacs-password.org	Tue Mar 12 12:31:01 2013 +0000
     1.3 @@ -0,0 +1,86 @@
     1.4 +#+title: Password Security in Emacs Terminal Emulators
     1.5 +#+author: Robert McIntyre
     1.6 +#+email: rlm@mit.edu
     1.7 +#+description: emacs terminal password security
     1.8 +#+keywords: emacs, password, security, term
     1.9 +#+SETUPFILE: ../../aurellem/org/setup.org
    1.10 +#+INCLUDE: ../../aurellem/org/level-0.org
    1.11 +#+babel: :mkdirp yes :noweb yes :exports both
    1.12 +
    1.13 +I use emacs for everything -- email, programming, document
    1.14 +preparation, planning... You name it, I do it! One thing which I use
    1.15 +emacs for is terminal emulation, which is where you create a buffer in
    1.16 +emacs where you can enter commands as if the buffer were a
    1.17 +terminal. Good terminal emulation packages for emacs include
    1.18 +=multi-term= and =term=.
    1.19 +
    1.20 +* Watch Out for =view-lossave=!
    1.21 +However, if you are going to use terminal emulation in emacs, you have
    1.22 +to be careful around "sudo" prompts, and when logging into other
    1.23 +servers using ssh, because /the last 300 keystrokes you have types in
    1.24 +emacs are available/ using =C-h l=, a help function in emacs which
    1.25 +displays the last keypresses you have types.
    1.26 +
    1.27 +#+begin_example
    1.28 +C-h l runs the command view-lossage, which is an interactive compiled
    1.29 +Lisp function in `help.el'.
    1.30 +
    1.31 +It is bound to C-h l, <help> l.
    1.32 +
    1.33 +(view-lossage)
    1.34 +
    1.35 +Display last 300 input keystrokes.
    1.36 +#+end_example
    1.37 +
    1.38 +Let's say my password is "sup3r-seekrit#7".
    1.39 +
    1.40 +I open an emacs terminal using =M-x multi-term=, then do the following
    1.41 +
    1.42 +#+begin_example
    1.43 +[~] $ ssh rlm@linerva.mit.edu
    1.44 +Password: 
    1.45 +
    1.46 +Welcome to Linerva, the SIPB Linux dialup for MIT.
    1.47 +Linerva runs Debathena on Debian squeeze.
    1.48 + http://linerva.mit.edu                           for more information
    1.49 + blanche linerva-announce -a $USER          # for outage announcements
    1.50 + linerva@mit.edu              (not IS&T) for questions and bug reports
    1.51 +
    1.52 +Last login: Mon Mar  4 12:53:23 2013 from ella.csail.mit.edu
    1.53 +rlm@dr-wily:~$ exit
    1.54 +logout
    1.55 +Connection to linerva.mit.edu closed.
    1.56 +#+end_example
    1.57 +
    1.58 +Now, when I type =C-h l=, I can see this:
    1.59 +
    1.60 +#+begin_example
    1.61 +s s h SPC r l m @ l i n e r v a . m i t . e d u <return>
    1.62 +s u p 3 r - s e e k r i t # 7 <return> e x i t C-h l
    1.63 +#+end_example
    1.64 +
    1.65 +Needless to say, this can be a security vulnerability.
    1.66 +
    1.67 +* Solutions to this problem
    1.68 +
    1.69 + - If you don't ever type your password into an emacs terminal buffer,
    1.70 +   then you are not at risk. This can be accomplished by using ssh
    1.71 +   keyfiles or kereberos for connecting to remote servers, and by
    1.72 +   enabling passwordless sudo.
    1.73 +
    1.74 + - You can disable emacs keylogging, though you then won't be able to
    1.75 +   use the =view-lossage= command anymore.
    1.76 +
    1.77 + - If there's no way for an attacker to get into your emacs process,
    1.78 +   then your passwords are safe. Still, you run the risk of someone
    1.79 +   physically near your computer using this method to view your
    1.80 +   password, as well as inadvertently exposing your password when
    1.81 +   showing someone what =view-lossage= does!
    1.82 +
    1.83 +* Source Listing
    1.84 +#+html: <ul> <li> <a href="../org/emacs-password.org">This org file</a> </li> </ul>
    1.85 +
    1.86 +    
    1.87 +
    1.88 +
    1.89 +
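Review bot: the heading at 1.20 names the command =view-lossave=, but the command is view-lossage (the help text at 1.28 and the prose at 1.75 and 1.81 spell it correctly); fix the heading so readers searching for the command find it. Same paragraph: "keystrokes you have types" at 1.23 and "keypresses you have types" at 1.25 should read "typed", and "kereberos" at 1.71 should read "kerberos". The second solution bullet (1.74-1.75, "You can disable emacs keylogging") gives no mechanism, so a reader cannot act on it; consider naming one. Emacs's own read-passwd avoids this exposure by calling clear-this-command-keys, which discards the recorded keystrokes after the password is read, and term.el's term-send-invisible reads a password that way and sends it to the terminal process, so the characters never enter the view-lossage record. One small consistency nit: the transcript at 1.53 shows "exit" being entered, but the lossage listing at 1.62 shows "e x i t C-h l" with no <return> between them; either the listing or the transcript should be adjusted so the two agree.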