
Re: mutt/580: mutt stores PGP passphrase insecurely



On Thu, Sep 21, 2006 at 06:50:06PM -0400, David Shaw wrote:

> At least on Linux, mutt can do the right thing with storing
> passphrases securely.  This may be true on other systems as well, but
> I can only say for sure about Linux,

A quick experiment seems to show that's true. The attached patch seems to
work for me (in the sense of "no errors returned", rather than
actually checking the contents of swapfiles).

It doesn't do anything except log a debug message if it can't lock/unlock
memory, which to me seems harmless but it's possible other systems might
take exception to a non-root process trying to mlock. Could people using
*BSD, Solaris etc. test this out please?

We might also want to raise the debuglevel from 3 to something higher once
it's tested...

-- 
Paul
diff -r a47e56ccd99d PATCHES
--- a/PATCHES   Fri Sep 08 18:29:12 2006 +0000
+++ b/PATCHES   Fri Sep 22 13:17:10 2006 +0100
@@ -0,0 +1,1 @@
+patch-1.5.13.pw.pgpmlock.1
diff -r a47e56ccd99d main.c
--- a/main.c    Fri Sep 08 18:29:12 2006 +0000
+++ b/main.c    Fri Sep 22 13:17:10 2006 +0100
@@ -964,6 +964,9 @@ int main (int argc, char **argv)
       if (Context)
        FREE (&Context);
     }
+#ifdef CRYPT_BACKEND_CLASSIC_PGP
+    pgp_void_passphrase ();
+#endif
 #ifdef USE_IMAP
     imap_logout_all ();
 #endif
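
Review bot: the pgp_void_passphrase () call added before
imap_logout_all () only wipes PgpPass when mutt leaves through this
point in main(); any other way out of the process skips it. If the wipe
is meant to be a guarantee, register it once (for example with atexit())
or call it from the common exit path rather than from this one branch.
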
diff -r a47e56ccd99d pgp.c
--- a/pgp.c     Fri Sep 08 18:29:12 2006 +0000
+++ b/pgp.c     Fri Sep 22 13:17:10 2006 +0100
@@ -64,10 +64,19 @@
 
 char PgpPass[LONG_STRING];
 time_t PgpExptime = 0; /* when does the cached passphrase expire? */
+int mlocked = 0;
 
 void pgp_void_passphrase (void)
 {
   memset (PgpPass, 0, sizeof (PgpPass));
+  if (mlocked)
+  {
+      if (munlock(PgpPass, sizeof(PgpPass)))
+       dprint (3, (debugfile, "Couldn't unlock passphrase in memory.\n"));
+      /* If we couldn't unlock it just now, probably never going to be able to.
+       * Doesn't seem much point in continuing to try. */
+      mlocked = 0;
+  }
   PgpExptime = 0;
 }
 
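Review bot: "int mlocked = 0;" is a non-static global with a very
generic name; only pgp.c touches it in this patch, so make it static
(or name it alongside PgpPass/PgpExptime). The pgp.c part of the diff
also adds no #include <sys/mman.h> and no build-time guard around
munlock(), so the file depends on a prototype arriving from elsewhere
and will not build where mlock/munlock are missing; since testing on
*BSD and Solaris is being requested, wrap both calls in a configure
check. Doing the memset before the munlock is the right order and
should stay that way.
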
@@ -90,6 +99,10 @@ int pgp_valid_passphrase (void)
   if (mutt_get_password (_("Enter PGP passphrase:"), PgpPass, sizeof 
(PgpPass)) == 0)
     {
       PgpExptime = time (NULL) + PgpTimeout;
+      if (mlock(PgpPass, sizeof(PgpPass)))
+       dprint (3, (debugfile, "Couldn't lock passphrase in memory.\n"));
+      else
+       mlocked = 1;
       return (1);
     }
   else
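
Review bot: mlock() runs only after mutt_get_password () has already
written the passphrase into PgpPass, so the buffer is unlocked for the
whole time the user is typing and until this line is reached; lock
before prompting, and wipe/unlock if the prompt is aborted. A failed
mlock() is reported only through dprint at level 3, so a user running
without debug output never learns the passphrase may be swapped out; a
visible warning would be more useful. POSIX also allows an
implementation to require a page-aligned address for mlock(), which
PgpPass is not guaranteed to be, so that is worth checking in the
*BSD/Solaris tests.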

Attachment: signature.asc
Description: Digital signature
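
The lock-then-store-then-wipe lifecycle discussed in this message, as an
added stand-alone example; it is not part of the patch or of mutt, and
pass_buf, pass_lock, pass_store, pass_void and pass_is_clear are
hypothetical names. As in the patch, a refused mlock() is treated as
non-fatal.

```c
/* Added example, not mutt code; every name below is hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

static char pass_buf[1024];
static int pass_locked = 0;

/* Pin the buffer in RAM. Returns 1 if pinned, 0 if mlock() refused. */
int pass_lock(void)
{
    if (!pass_locked) {
        if (mlock(pass_buf, sizeof pass_buf) == 0) pass_locked = 1;
        else perror("mlock failed, passphrase may reach swap");
    }
    return pass_locked;
}

/* Store a passphrase, locking before the first byte is written. */
int pass_store(const char *secret)
{
    size_t n = strlen(secret);
    if (n >= sizeof pass_buf) return -1;   /* does not fit: reject */
    pass_lock();                           /* best effort, as in the patch */
    memcpy(pass_buf, secret, n + 1);
    return 0;
}

/* Wipe through a volatile pointer so the stores are kept, then unpin. */
void pass_void(void)
{
    volatile char *p = pass_buf;
    for (size_t i = 0; i < sizeof pass_buf; i++) p[i] = 0;
    if (pass_locked && munlock(pass_buf, sizeof pass_buf) != 0) perror("munlock");
    pass_locked = 0;
}

int pass_is_clear(void)                    /* 1 if every byte is zero */
{
    for (size_t i = 0; i < sizeof pass_buf; i++)
        if (pass_buf[i]) return 0;
    return 1;
}

int main(void)
{
    pass_store("constructed-sample-passphrase");   /* constructed input */
    pass_void();
    return pass_is_clear() ? 0 : 1;
}
```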