Re: [Mutt] #580: mutt stores PGP passphrase insecurely
- To: md@xxxxxxxx, arturcz@xxxxxxx, brendan@xxxxxxxxxx, brian@xxxxxxxxxxxxx, invalid@xxxxxxxxxxxxxx, ttakah@xxxxxxxxxxxxxxxxx, roessler@xxxxxxxxxxxxxxxxxx, wk@xxxxxxxxx, antonio@xxxxxxxx, paul@xxxxxxxxxxxxxxx, pdmef@xxxxxxx, petr.pisar@xxxxxxxx
- Subject: Re: [Mutt] #580: mutt stores PGP passphrase insecurely
- From: Mutt <fleas@xxxxxxxx>
- Date: Tue, 21 Jul 2009 16:51:56 -0000
- Auto-submitted: auto-generated
- Cc: mutt-dev@xxxxxxxx, 96144@xxxxxxxxxxxxxxx
- In-reply-to: <058.5fa77f122be3996dabecb666b4de6ee9@xxxxxxxx>
- Mail-followup-to: fleas@xxxxxxxx
- References: <058.5fa77f122be3996dabecb666b4de6ee9@xxxxxxxx>
- Reply-to: fleas@xxxxxxxx
#580: mutt stores PGP passphrase insecurely
-----------------------------------------+----------------------------------
Reporter: Marco d'Itri <md@xxxxxxxx> | Owner: mutt-dev
Type: defect | Status: reopened
Priority: trivial | Milestone:
Component: crypto | Version: 1.5.19
Resolution: | Keywords:
-----------------------------------------+----------------------------------
Comment(by petr_p):
Replying to [comment:16 antonio@…]:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=102;filename=patch-1.5.13.pw.pgpmlock.1;att=1;bug=96144
>
mlock(3p) says POSIX conforming systems may require the locked address
base to be a multiple of the page size. Thus we need to align the address to
a page boundary to improve portability.

Another problem is that mutt_get_password() is called in three different
places for three different password buffers. We should take care of all of
them.

This brings another issue: if we get passwords (e.g.) for IMAP and for PGP
on the same page and we call munlock() on one of them, we will get
both buffers unlocked.

I think the best way is to implement some sort of locked memory allocator.
Another possibility is to lock each password buffer and never unlock it. Yet
another approach is to ensure each password buffer will occupy exactly one
(two) memory pages.

So, a lot of questions. What do you think?
--
Ticket URL: <http://dev.mutt.org/trac/ticket/580#comment:19>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
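
The "each password buffer occupies its own memory pages" approach from the comment above, sketched in C as an added example; it is not part of the original message, the Debian patch, or mutt's code. The names pwbuf, pw_round, pwbuf_alloc and pwbuf_free are hypothetical, and the sketch assumes a POSIX system with posix_memalign() and mlock().

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical type (not from mutt): a password buffer that owns whole pages. */
typedef struct {
    char  *data;    /* page-aligned start, as mlock() may require */
    size_t size;    /* requested length rounded up to whole pages */
    int    locked;  /* 1 if mlock() succeeded, 0 if it failed (e.g. RLIMIT_MEMLOCK) */
} pwbuf;

/* Round len up to a multiple of the page size. */
size_t pw_round(size_t len, size_t page)
{
    return (len + page - 1) / page * page;
}

/* Allocate a buffer that shares its pages with no other object, then lock it.
 * Returns 0 on success, -1 on failure; the caller decides what to do when
 * b->locked is 0 (refuse to store the passphrase, or warn and continue). */
int pwbuf_alloc(pwbuf *b, size_t len)
{
    long pg = sysconf(_SC_PAGESIZE);
    void *p = NULL;

    if (pg <= 0 || len == 0)
        return -1;
    b->size = pw_round(len, (size_t)pg);
    if (posix_memalign(&p, (size_t)pg, b->size) != 0)
        return -1;
    b->data = p;
    b->locked = (mlock(b->data, b->size) == 0);
    return 0;
}

/* Wipe, unlock and free. Because no page is shared between buffers,
 * this munlock() cannot unlock the pages of another password. */
void pwbuf_free(pwbuf *b)
{
    volatile char *v = b->data;
    for (size_t i = 0; i < b->size; i++)
        v[i] = 0;                       /* volatile store: not optimised away */
    if (b->locked)
        munlock(b->data, b->size);
    free(b->data);
    b->data = NULL; b->size = 0; b->locked = 0;
}
```

A locked memory allocator, the first option in the comment, would hand out sub-page chunks from such locked pages and call munlock() only when the last chunk on a page is released.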