On Thu, Sep 21, 2006 at 06:50:06PM -0400, David Shaw wrote:
> At least on Linux, mutt can do the right thing with storing
> passphrases securely. This may be true on other systems as well, but
> I can only say for sure about Linux,

A quick experiment seems to show that's true. The attached patch seems to work for me (in the sense of "no errors returned", rather than actually checking the contents of swapfiles).

It doesn't do anything except log a debug message if it can't lock/unlock memory, which to me seems harmless but it's possible other systems might take exception to a non-root process trying to mlock.

Could people using *BSD, Solaris etc. test this out please? We might also want to raise the debuglevel from 3 to something higher once it's tested...

-- 
Paul

diff -r a47e56ccd99d PATCHES --- a/PATCHES Fri Sep 08 18:29:12 2006 +0000 +++ b/PATCHES Fri Sep 22 13:17:10 2006 +0100 @@ -0,0 +1,1 @@ +patch-1.5.13.pw.pgpmlock.1 diff -r a47e56ccd99d main.c --- a/main.c Fri Sep 08 18:29:12 2006 +0000 +++ b/main.c Fri Sep 22 13:17:10 2006 +0100 @@ -964,6 +964,9 @@ int main (int argc, char **argv) if (Context) FREE (&Context); } +#ifdef CRYPT_BACKEND_CLASSIC_PGP + pgp_void_passphrase (); +#endif #ifdef USE_IMAP imap_logout_all (); #endif diff -r a47e56ccd99d pgp.c --- a/pgp.c Fri Sep 08 18:29:12 2006 +0000 +++ b/pgp.c Fri Sep 22 13:17:10 2006 +0100 @@ -64,10 +64,19 @@ char PgpPass[LONG_STRING]; time_t PgpExptime = 0; /* when does the cached passphrase expire? */ +int mlocked = 0; void pgp_void_passphrase (void) { memset (PgpPass, 0, sizeof (PgpPass)); + if (mlocked) + { + if (munlock(PgpPass, sizeof(PgpPass))) + dprint (3, (debugfile, "Couldn't unlock passphrase in memory.\n")); + /* If we couldn't unlock it just now, probably never going to be able to. + * Doesn't seem much point in continuing to try. */ + mlocked = 0; + } PgpExptime = 0; } @@ -90,6 +99,10 @@ int pgp_valid_passphrase (void) if (mutt_get_password (_("Enter PGP passphrase:"), PgpPass, sizeof (PgpPass)) == 0) { PgpExptime = time (NULL) + PgpTimeout; + if (mlock(PgpPass, sizeof(PgpPass))) + dprint (3, (debugfile, "Couldn't lock passphrase in memory.\n")); + else + mlocked = 1; return (1); } else
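
Review bot: In the main.c hunk, the pgp_void_passphrase () call sits at the end of main (), just before imap_logout_all (), so the passphrase is only wiped and unlocked when control reaches that point. Any exit taken elsewhere leaves PgpPass uncleared. Consider registering the wipe with atexit () or calling it from a shared exit routine so that every normal termination path clears the buffer.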
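
Review bot: In the first pgp.c hunk, "int mlocked = 0;" is a non-static global with a very generic name, which risks a link-time clash; declare it static and give it a name tied to the buffer it tracks (for example PgpPassLocked). The patch also shows no hunk adding #include <sys/mman.h> to pgp.c and no configure guard around munlock/mlock, so a system without these calls would fail to build rather than fall back. Since the request is for testing on *BSD and Solaris, including strerror (errno) in the "Couldn't unlock passphrase in memory." message would make the reports more useful. Zeroing with memset before munlock is the right order and should stay.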
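
Review bot: In the second pgp.c hunk, mlock (PgpPass, sizeof (PgpPass)) is called only after mutt_get_password () has already written the passphrase into PgpPass, so there is a window in which the page holding the secret is not locked and can be written to swap. Lock the buffer before prompting (at the top of this branch, or once at startup since PgpPass is a fixed static array) and set mlocked there. If the prompt then fails, either keep the lock for the next attempt or call pgp_void_passphrase () so the flag and the lock state stay in step.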