On Fri, Sep 22, 2006 at 01:21:19PM +0100, Paul Walker wrote: > On Thu, Sep 21, 2006 at 06:50:06PM -0400, David Shaw wrote: > > > At least on Linux, mutt can do the right thing with storing > > passphrases securely. This may be true on other systems as well, but > > I can only say for sure about Linux, > > A quick experiment seems to show that's true. The attached patch seems to > work for me (in the sense of "no errors returned", rather than > actually checking the contents of swapfiles). > > It doesn't do anything except log a debug message if it can't lock/unlock > memory, which to me seems harmless but it's possible other systems might > take exception to a non-root process trying to mlock. Could people using > *BSD, Solaris etc. test this out please? For portability, it might be good to make the address being locked land on a page boundary as the POSIX spec for mlock allows this to be an optional requirement. Linux doesn't require this (actually it internally transforms the lock to be on a page boundary), but it might be needed on other systems. On those systems mlock would fail and set errno to EINVAL if the address isn't on a boundary. David
Attachment:
pgpeNSAeOhEsV.pgp
Description: PGP signature