Author: stsp
Date: Tue Jul 26 12:11:05 2011
New Revision: 1151069

URL: http://svn.apache.org/viewvc?rev=1151069&view=rev
Log:
* subversion/libsvn_subr/gpg_agent.c: Add a comment that explains how this
  auth cache provider operates, including security considerations.
Modified: subversion/trunk/subversion/libsvn_subr/gpg_agent.c Modified: subversion/trunk/subversion/libsvn_subr/gpg_agent.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/gpg_agent.c?rev=1151069&r1=1151068&r2=1151069&view=diff ============================================================================== --- subversion/trunk/subversion/libsvn_subr/gpg_agent.c (original) +++ subversion/trunk/subversion/libsvn_subr/gpg_agent.c Tue Jul 26 12:11:05 2011 
@@ -23,6 +23,36 @@ /* ==================================================================== */ +/* This auth provider stores a plaintext password in memory managed by + * a running gpg-agent. In contrast to other password store providers + * it does not save the password to disk. + * + * Prompting is performed by the gpg-agent using a "pinentry" program + * which needs to be installed separately. There are several pinentry + * implementations with different front-ends (e.g. qt, gtk, ncurses). + * + * The gpg-agent will let the password time out after a while, + * or immediately when it receives the SIGHUP signal. + * When the password has timed out it will automatically prompt the + * user for the password again. This is transparent to Subversion. + * + * SECURITY CONSIDERATIONS: + * + * Communication to the agent happens over a UNIX socket, which is located + * in a directory which only the user running Subversion can access. + * However, any program the user runs could access this socket and get + * the Subversion password if the program knows the "cache ID" Subversion + * uses for the password. + * The cache ID is very easy to obtain for programs running as the same user. + * Subversion uses the MD5 of the realmstring as cache ID, and these checksums + * are also used as filenames within ~/.subversion/auth/svn.simple. + * Unlike GNOME Keyring or KDE Wallet, the user is not prompted for + * permission if another program attempts to access the password. + * + * Therefore, while the gpg-agent is running and has the password cached, + * this provider is no more secure than a file storing the password in + * plaintext. + */ /*** Includes. ***/
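Review bot: In the SECURITY CONSIDERATIONS paragraph, the statement that the socket lives "in a directory which only the user running Subversion can access" is given as a fact, but the comment does not say whether this provider verifies the ownership and permissions of that directory before talking to the agent or simply relies on gpg-agent having set it up correctly. Please state which, since the rest of the threat description depends on it. Two smaller wording points in the same comment: in "When the password has timed out it will automatically prompt the user", "it" should be "the gpg-agent", because the previous sentence also mentions the SIGHUP signal and the password; and "time out after a while" would be more useful if it said that the timeout is governed by the agent's own cache TTL configuration rather than by Subversion. Finally, the conclusion that the provider is "no more secure than a file storing the password in plaintext" while the password is cached is something users need to know, not only people reading gpg_agent.c, so consider repeating it in the user-facing documentation for this password store.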