
Re: [Mutt] #580: mutt stores PGP passphrase insecurely



#580: mutt stores PGP passphrase insecurely
-----------------------------------------+----------------------------------
  Reporter:  Marco d'Itri <md@xxxxxxxx>  |       Owner:  mutt-dev
      Type:  defect                      |      Status:  reopened
  Priority:  trivial                     |   Milestone:          
 Component:  crypto                      |     Version:  1.5.19  
Resolution:                              |    Keywords:          
-----------------------------------------+----------------------------------

Comment(by petr_p):

 Replying to [comment:16 antonio@…]:
 > http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=102;filename=patch-1.5.13.pw.pgpmlock.1;att=1;bug=96144
 >

 mlock(3p) says POSIX conforming systems may require the locked address
 base to be a multiple of the page size. Thus we need to align the address
 to a page boundary to improve portability.

 Another problem is that mutt_get_password() is called in three different
 places for three different password buffers. We should take care of all of
 them.

 This brings another issue: if we get passwords (e.g.) for IMAP and for PGP
 on the same page and we call munlock() on one of them, both buffers will
 get unlocked.

 I think the best way is to implement some sort of locked memory allocator.
 Another possibility is to lock each password buffer and never unlock it.
 Yet another approach is to ensure each password buffer will occupy exactly
 one (two) memory pages.

 So, a lot of questions. What do you think?

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/580#comment:19>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
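
A sketch of the "locked memory allocator" option raised in the comment above, added here as an illustration; it is not code from the ticket, the linked patch, or mutt. The names secure_round_up, secure_alloc and secure_free are hypothetical. Each buffer starts on a page boundary and covers whole pages, so mlock() receives an aligned address and munlock() on one password buffer cannot unlock another.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper names for illustration; none of these exist in mutt. */
static size_t page_size(void)
{
    long ps = sysconf(_SC_PAGESIZE);
    return ps > 0 ? (size_t)ps : 4096;
}

/* Round len up to a whole number of pages; 0 means len was too large. */
size_t secure_round_up(size_t len)
{
    size_t ps = page_size();
    if (len == 0) len = 1;
    if (len > SIZE_MAX - ps) return 0;
    return (len + ps - 1) / ps * ps;
}

/* Page-aligned, page-sized, locked buffer. Because it starts on a page
 * boundary and covers whole pages, mlock() gets an aligned address and no
 * other password buffer can share a page with it. NULL on failure. */
void *secure_alloc(size_t len)
{
    void *p = NULL;
    size_t n = secure_round_up(len);
    if (n == 0 || posix_memalign(&p, page_size(), n) != 0)
        return NULL;
    if (mlock(p, n) != 0) {      /* e.g. RLIMIT_MEMLOCK exceeded */
        free(p);
        return NULL;
    }
    return p;
}

/* Wipe, unlock and release. Unlocking only touches this buffer's pages. */
void secure_free(void *p, size_t len)
{
    size_t n = secure_round_up(len);
    volatile unsigned char *v = p;
    if (!p || n == 0) return;
    for (size_t i = 0; i < n; i++) v[i] = 0;   /* volatile: wipe is not elided */
    munlock(p, n);
    free(p);
}
```

A caller passes the same length to secure_free() that it gave secure_alloc(), and treats a NULL return as "could not lock" rather than silently falling back to unlocked memory.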