
Re: [Mutt] #580: mutt stores PGP passphrase insecurely



#580: mutt stores PGP passphrase insecurely
-----------------------------------------+----------------------------------
  Reporter:  Marco d'Itri <md@xxxxxxxx>  |       Owner:  mutt-dev
      Type:  defect                      |      Status:  reopened
  Priority:  trivial                     |   Milestone:          
 Component:  crypto                      |     Version:  1.5.19  
Resolution:                              |    Keywords:          
-----------------------------------------+----------------------------------
Changes (by pdmef):

  * component:  mutt => crypto


Old description:

> {{{
> Package: mutt
> Version: 1.3.15-2
>
> [NOTE: this bug report has been submitted to the debian BTS as Bug#96144.
> Please Cc all your replies to 96144@xxxxxxxxxxxxxxxx]
>
> From: Brian Ristuccia <brian@xxxxxxxxxxxxx>
> Subject: mutt stores PGP passphrase insecurely
> Date: Thu, 3 May 2001 01:44:50 -0400
>
> When caching passphrases, mutt uses memory that's not locked. The
> passphrase can be recovered if that part of mutt's address space is
> swapped to disk. In order for the secret key to remain secure in the
> event that the machine is lost or stolen, the memory area occupied by
> the passphrase must be locked to prevent the swap file from being
> contaminated with the passphrase. Note that mutt zeros out the
> passphrase when it times out, but there's no guarantee that any old
> blocks on the swap space will be overwritten before the machine is
> shut down or stolen. This issue is of particular importance with
> laptop computers, since PGP encryption is the only thing standing
> between an unauthorized reader and your email should the machine get
> stolen.
>
> Since Linux 2.2.x and 2.4.x don't seem to allow ordinary users to lock
> even small amounts of memory, one potential solution would be to have
> mutt executed by a wrapper program that passes it a locked shared
> memory segment just big enough to hold the passphrase. Swap over an
> encrypted loopback filesystem initialized with a throwaway key at each
> reboot is a workaround. But using an encrypted loopback filesystem is
> computationally intensive and might drain batteries prematurely,
> especially on smaller laptops. A kernel-level swap cleaner daemon that
> overwrites recently freed swap blocks would also work, but with a
> similar battery life penalty.
>
> --
> Brian Ristuccia
> brian@xxxxxxxxxxxxx
> bristucc@xxxxxxxxxx
>

>
> >How-To-Repeat:
> >Fix:
> }}}

New description:

 {{{
 Package: mutt
 Version: 1.3.15-2

 [NOTE: this bug report has been submitted to the debian BTS as Bug#96144.
 Please Cc all your replies to 96144@xxxxxxxxxxxxxxxx]

 From: Brian Ristuccia <brian@xxxxxxxxxxxxx>
 Subject: mutt stores PGP passphrase insecurely
 Date: Thu, 3 May 2001 01:44:50 -0400

 When caching passphrases, mutt uses memory that's not locked. The
 passphrase can be recovered if that part of mutt's address space is
 swapped to disk. In order for the secret key to remain secure in the
 event that the machine is lost or stolen, the memory area occupied by
 the passphrase must be locked to prevent the swap file from being
 contaminated with the passphrase. Note that mutt zeros out the
 passphrase when it times out, but there's no guarantee that any old
 blocks on the swap space will be overwritten before the machine is
 shut down or stolen. This issue is of particular importance with
 laptop computers, since PGP encryption is the only thing standing
 between an unauthorized reader and your email should the machine get
 stolen.

 Since Linux 2.2.x and 2.4.x don't seem to allow ordinary users to lock
 even small amounts of memory, one potential solution would be to have
 mutt executed by a wrapper program that passes it a locked shared
 memory segment just big enough to hold the passphrase. Swap over an
 encrypted loopback filesystem initialized with a throwaway key at each
 reboot is a workaround. But using an encrypted loopback filesystem is
 computationally intensive and might drain batteries prematurely,
 especially on smaller laptops. A kernel-level swap cleaner daemon that
 overwrites recently freed swap blocks would also work, but with a
 similar battery life penalty.

 --
 Brian Ristuccia
 brian@xxxxxxxxxxxxx
 bristucc@xxxxxxxxxx



 >How-To-Repeat:
 >Fix:
 }}}

--

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/580#comment:18>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
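The fix the report asks for, as an added example that is not mutt's code and not part of the ticket: a small locked buffer for a cached passphrase. It maps the passphrase on its own page, mlock()s it so the page cannot be written to swap, asks the kernel to keep it out of core dumps where MADV_DONTDUMP exists, and wipes it with a volatile store loop before release. mlock() can still fail for an unprivileged user (RLIMIT_MEMLOCK on current kernels, or the 2.2/2.4 behaviour named in the report); the code records the failure in the struct instead of silently caching the passphrase in swappable memory. The struct and function names, and the sample passphrase, are assumptions made for the example.

```c
/*
 * Added example, not mutt's code: a locked buffer for a cached passphrase.
 * Names (secret_buf, secret_buf_*) and the sample passphrase are
 * constructed for this illustration.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct secret_buf {
    char  *data;        /* start of the privately mapped page(s) */
    size_t len;         /* mapping length, rounded up to the page size */
    int    locked;      /* 1 if mlock() succeeded, 0 otherwise */
    int    lock_errno;  /* errno from mlock() when locked == 0 */
};

/* Overwrite memory through a volatile pointer so the compiler cannot
 * drop the stores as "dead" (the classic memset-before-free problem). */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Map at least 'want' bytes on whole pages and try to lock them.
 * Returns 0 when the mapping exists (check b->locked for the lock),
 * -1 if mmap() itself failed. */
int secret_buf_init(struct secret_buf *b, size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        page = 4096;
    size_t len = ((want + (size_t)page - 1) / (size_t)page) * (size_t)page;

    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;

    b->data = p;
    b->len = len;
    b->locked = 1;
    b->lock_errno = 0;
    if (mlock(p, len) != 0) {       /* ENOMEM: RLIMIT_MEMLOCK exceeded; EPERM: not allowed */
        b->locked = 0;
        b->lock_errno = errno;
    }
#ifdef MADV_DONTDUMP
    madvise(p, len, MADV_DONTDUMP); /* also keep the passphrase out of core files */
#endif
    return 0;
}

/* Copy a NUL-terminated passphrase into the buffer; -1 if it does not fit. */
int secret_buf_store(struct secret_buf *b, const char *pass)
{
    size_t n = strlen(pass);
    if (n + 1 > b->len)
        return -1;
    memcpy(b->data, pass, n + 1);
    return 0;
}

/* Returns 1 if every byte of the mapping is zero (checked after a wipe). */
int secret_buf_is_zeroed(const struct secret_buf *b)
{
    for (size_t i = 0; i < b->len; i++)
        if (b->data[i] != 0)
            return 0;
    return 1;
}

/* What mutt does on timeout: erase the cached passphrase but keep the buffer. */
void secret_buf_clear(struct secret_buf *b)
{
    secure_wipe(b->data, b->len);
}

/* Wipe, unlock and unmap. */
void secret_buf_free(struct secret_buf *b)
{
    if (!b->data)
        return;
    secure_wipe(b->data, b->len);
    if (b->locked)
        munlock(b->data, b->len);
    munmap(b->data, b->len);
    b->data = NULL;
    b->len = 0;
    b->locked = 0;
}

int main(void)
{
    struct secret_buf b;
    if (secret_buf_init(&b, 256) != 0) {
        perror("mmap");
        return 1;
    }
    if (!b.locked)  /* the failure mode the report describes for old kernels */
        fprintf(stderr, "warning: mlock failed (%s); passphrase may reach swap\n",
                strerror(b.lock_errno));
    secret_buf_store(&b, "correct horse battery staple"); /* constructed sample */
    printf("cached %zu bytes, locked=%d\n", strlen(b.data), b.locked);
    secret_buf_clear(&b);
    printf("wiped: %d\n", secret_buf_is_zeroed(&b));
    secret_buf_free(&b);
    return 0;
}
```

A program that wants to refuse to run with an unlocked buffer can treat `locked == 0` as fatal; the wrapper approach in the report amounts to doing this mlock() in a privileged parent and handing the page to mutt. Wiping on timeout does not undo an earlier swap-out, which is exactly the gap the report points at, so the lock has to be in place before the passphrase is ever written.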