
After editing a couple of encrypted files with Emacs and EasyPG Assistant I realized that parts of those files were still stored in various lists within Emacs, e.g. the kill-ring and the minibuffer history. This, along with things like savehist, increases the chances of sensitive information leaking.

Is there a way to specify that history should be handled differently for some buffers? E.g. that they should each have their own kill-ring and minibuffer history that is purged on buffer close and not actually stored anywhere?

thkala
  • How will you handle copying text from one buffer to the next if the kill-ring is not global? "*The kill ring is a list of blocks of text that were previously killed. There is only one kill ring, shared by all buffers, so you can kill text in one buffer and yank it in another buffer. This is the usual way to move text from one buffer to another. (There are several other methods: for instance, you could store the text in a register; see Registers. See Accumulating Text, for some other ways to move text around.)*" http://www.gnu.org/software/emacs/manual/html_node/emacs/Kill-Ring.html – lawlist Apr 12 '15 at 21:53
  • @lawlist: I suppose I could use the X selection. Or intermediate files. And I don't save the register history, so that might also work. Anyway, I think that in this particular case security should come before usability. – thkala Apr 12 '15 at 22:20
  • Making those variables buffer-local would be a start, though that doesn't guarantee savehist not accidentally saving those local values (I guess.). Also there are many ways (I guess) some text may leak out to other parts of Emacs. Best solution is probably to start Emacs in a dedicated environment (with savehist disabled etc.). – politza Apr 12 '15 at 22:52
  • @politza: I've been looking at buffer-local variables, but I haven't (yet?) been able to figure out how to write a hook that can tell when a file is encrypted. I'm probably missing something obvious... – thkala Apr 12 '15 at 22:57
  • Why don't you just purge whatever you want to purge, automatically, when Emacs exits (in whatever way, other than a crash)? And perhaps also purge it periodically (say every 4 hours, with a confirmation prompt), on an idle timer? Or do so on a `kill-buffer-hook` (you can give that a local value)? – Drew Apr 13 '15 at 00:13
  • In case of security, I'd rather encrypt the clipboard content than have separate histories. Then once you want to paste the content anywhere, you'd still need to enter the passphrase. Unfortunately, that wouldn't work if you were to encrypt it for someone else, but that's the general problem with asymmetric encryption. Even if you saved it to a file it wouldn't have worked. – wvxvw Apr 13 '15 at 09:50

1 Answer

Based on the comments to my question, I was able to come up with a (partial?) solution:

  1. Create a list of variables with sensitive information.
  2. Create a function that makes them local to a buffer.
  3. Create another function that sets them to nil.
  4. Add a find-file-hook to conditionally call the first function.
  5. Add a kill-buffer-hook to conditionally call the second function.

The Emacs Lisp code:

;; Variables that can retain text killed, searched for or typed while
;; editing a file.
(setq private-variable-list '(kill-ring minibuffer-history
                              regexp-search-ring search-ring))

(defun setup-private-buffer ()
  "Enhance the privacy of the current buffer."
  (interactive)
  ;; Give this buffer its own copy of each variable; the global value is
  ;; left alone and later kills and searches go into the local copy.
  (dolist (variable private-variable-list)
    (make-local-variable variable)))

(defun clear-private-buffer ()
  "Clean up the current private buffer."
  (interactive)
  ;; Drop the buffer-local contents before the buffer goes away.
  (dolist (variable private-variable-list)
    (set variable nil)))

;; EasyPG sets `epa-file-encrypt-to' in buffers it has decrypted or
;; encrypted, so a non-nil value marks an encrypted file.  The
;; `bound-and-true-p' guard keeps the hooks from signalling an error
;; when epa-file has not been loaded yet.
(add-hook 'find-file-hook
          (lambda ()
            (if (bound-and-true-p epa-file-encrypt-to)
                (setup-private-buffer))))

(add-hook 'kill-buffer-hook
          (lambda ()
            (if (bound-and-true-p epa-file-encrypt-to)
                (clear-private-buffer))))

This seems to work for all cases that I tried, although I expect that there may be a few corner cases, e.g. when handling any buffer other than the current one.

thkala
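As an added example, not part of the answer above, here is an ERT test that checks the isolation the buffer-local approach is meant to give: a kill made in a private buffer must be visible only there, and must leave no trace once the buffer is gone. It repeats the answer's variable list and setup function so it runs on its own, adds `kill-ring-yank-pointer` to that list (an addition to the answer, because `kill-new` repoints it at the newest kill), and the PGP-looking string is constructed.

```elisp
(require 'ert)

;; Same list as the answer, plus `kill-ring-yank-pointer': `kill-new'
;; sets it to the new kill, so if it stays global it keeps referencing
;; the private buffer's ring after that buffer is killed.
(defvar private-variable-list
  '(kill-ring kill-ring-yank-pointer minibuffer-history
    regexp-search-ring search-ring)
  "Variables that may retain text from a decrypted buffer.")

(defun setup-private-buffer ()
  "Give the current buffer its own copy of each private variable."
  (dolist (variable private-variable-list)
    (make-local-variable variable)))

(ert-deftest private-buffer-kill-ring-isolation ()
  "A kill inside a private buffer must never reach the global kill ring."
  (let ((secret "-----BEGIN PGP MESSAGE----- (constructed sample)")
        (global-before (default-value 'kill-ring))
        ;; Keep the window-system selection out of the test.
        (interprogram-cut-function nil))
    (with-temp-buffer
      (setup-private-buffer)
      (should (local-variable-p 'kill-ring))
      (insert secret)
      (kill-region (point-min) (point-max))
      ;; The kill landed in this buffer's own ring...
      (should (equal (car kill-ring) secret))
      ;; ...while the global ring object is untouched.
      (should (eq (default-value 'kill-ring) global-before)))
    ;; The private buffer is gone; nothing global should still hold it.
    (should-not (member secret (default-value 'kill-ring)))
    (should-not (member secret (default-value 'kill-ring-yank-pointer)))
    ;; An ordinary buffer opened afterwards sees only the global ring.
    (with-temp-buffer
      (should-not (local-variable-p 'kill-ring))
      (should-not (member secret kill-ring)))))
```

Save it as a file and run it with `emacs -batch -l that-file.el -f ert-run-tests-batch-and-exit`.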