<<< Date Index >>>     <<< Thread Index >>>

Re: mutt/580: mutt stores PGP passphrase insecurely



On Mon, Oct 24, 2005 at 11:03:15AM -0400, Derek Martin wrote:

> The only semi-reasonable solution I can think of is to have mutt
> SUID, allocate a block of memory for storing the passphrase as soon
> as humanly possible, and drop privileges immediately.  The amount of
> exposed code should be very minimal...

Which is what GnuPG does, incidentally.

David