Re: mutt/580: mutt stores PGP passphrase insecurely

To: Mutt Developers <mutt-dev@xxxxxxxx>
Subject: Re: mutt/580: mutt stores PGP passphrase insecurely
From: David Shaw <dshaw@xxxxxxxxxxxxxxx>
Date: Mon, 24 Oct 2005 11:07:40 -0400
In-reply-to: <20051024150315.GA18928@xxxxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?body=unsubscribe>
Mail-followup-to: Mutt Developers <mutt-dev@xxxxxxxx>
Openpgp: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
References: <mutt-pr-580@xxxxxxxxxxxxx> <E1EU36M-0001lp-9j@xxxxxxxxxxxxxxxxxxxx> <20051024150315.GA18928@xxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.11

On Mon, Oct 24, 2005 at 11:03:15AM -0400, Derek Martin wrote:

> The only semi-reasonable solution I can think of is to have mutt
> SUID, allocate a block of memory for storing the passphrase as soon
> as humanly possible, and drop privileges immediately.  The amount of
> exposed code should be very minimal...

Which is what GnuPG does, incidentally.

David

Follow-Ups:
- Re: mutt/580: mutt stores PGP passphrase insecurely
  - From: Derek Martin

References:
- Re: mutt/580: mutt stores PGP passphrase insecurely
  - From: TAKAHASHI Tamotsu
- Re: mutt/580: mutt stores PGP passphrase insecurely
  - From: Derek Martin

Prev by Date: Re: mutt/580: mutt stores PGP passphrase insecurely
Next by Date: Re: mutt/580: mutt stores PGP passphrase insecurely
Previous by thread: Re: mutt/580: mutt stores PGP passphrase insecurely
Next by thread: Re: mutt/580: mutt stores PGP passphrase insecurely
Index(es):
- Date
- Thread