password-store.el for emacs doesn't inhibit backup-files

Wed Mar 16 14:07:13 UTC 2022

Hello all,

I found that when I edit passwords in emacs via `password-store-edit`, emacs creates backup-files with plain-text passwords, which in my personal configuration (via no-littering.el) are stored persitently in my home directory. As I understand, the above emacs commands just runs `pass edit` in a subprocess, so that the password is edited in /dev/shm as a text-file in the normal `text-mode`.

When using emacs directly to open gpg files to edit their plain-text content, emacs does the right thing and encrypts the backups, but that's not the case for editing plain-text-files. Also, the absense of a special emacs-mode for editing passwords make it a bit more tricky to disable backups for password-files. E.g. the emacs backup documentation [1] give the following example for disabling backups for a specific major mode:

   (add-hook 'rmail-mode-hook
           (lambda () (setq-local make-backup-files nil)))

It would be nice to somehow also set `make-backup-files` to nil for password-files. Ideally, that could be should be in the password-store package to have security by default. The solution that I found for me was to edit `backup-enable-predicate` (which takes a file path) to disable backups for files in `/dev/shm`:

   (defun my-backup-enable-predicate (name)
       (and (normal-backup-enable-predicate name)
           (not (s-starts-with-p "/dev/shm" fpath))))

   (setq backup-enable-predicate #'my-backup-enable-predicate)

This works for me but isn't an ideal solution. password-store.el might an an advice to `backup-enable-predicate` to extend it, though modifying a user-option doesn't seem ideal to me.

I found that the `pass` emacs-package [2], which wraps and extends password-store.el, does open the GPG file directly with a special major-mode when using its `pass-view` command, which prevents the issue.

But I think there should be a solution that really works with `pass edit`, even when invoked from the CLI. Of course it will only ever work if the user also loads password-store.el in their emacs initialization, but it's better than nothing.

Any suggestions how this could be done within password-store.el? Or is just something wrong with my config? Should we maybe document this behavior somewhere to raise awareness? Maybe that's something that should be fixed from emacs-side, e.g. by not having backups by default for `/dev/shm`?

Cheers,
Michael Eliachevitch

[1]: https://www.gnu.org/software/emacs/manual/html_node/elisp/Making-Backups.html
[2]: https://github.com/NicolasPetton/pass

--
Michael Eliachevitch
Public PGP Key: https://keyoxide.org/hkp/546908c782383ad0e7d894ec1b8f95c8125dce31
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 519 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20220316/3d143207/attachment.sig>