
Re: [Mutt] #580: mutt stores PGP passphrase insecurely



#580: mutt stores PGP passphrase insecurely
-----------------------------------------+----------------------------------
  Reporter:  Marco d'Itri <md@xxxxxxxx>  |       Owner:  mutt-dev
      Type:  defect                      |      Status:  reopened
  Priority:  trivial                     |   Milestone:          
 Component:  crypto                      |     Version:  1.5.19  
Resolution:                              |    Keywords:          
-----------------------------------------+----------------------------------

Comment(by petr_p):

 I looked through the code to see how passwords are processed. Whereas PGP
 and SMIME code are straightforward and the password is stored in a static
 buffer only, the ACCOUNT password (used for SASL, SMTP etc.) is really one
 big mess where the buffer is copied and copied.

 I can't see any easy way to catch all password occurrences and to get a
 balanced mlock-munlock dance around them.

 To make things worse, the code (even the PGP and SMIME) is written in a
 fashion to get the password and sometimes erase the password buffer just
 before getting a new password. That means the password is practically
 `never' removed, even after the password lifetime elapses.

 So it's reasonable to mlock buffers for PGP and SMIME on mutt start and
 never unlock them. Thus we will have possibly 2 pages (8 kB on x86) locked
 forever. However I don't know what to do with the rest of password
 buffers.

 If somebody is interested, I wrote a simple counting memory page locking
 manager solving the problems described in my previous comment (address
 alignment, page sharing). However due to mutt style, it's unusable in this
 situation.

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/580#comment:20>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
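
An added illustration of the idea discussed in the comment above; it is not mutt's code and not the manager petr_p wrote. mlock()/munlock() do not nest and work on whole pages, so two secrets sharing a page need a per-page reference count, and addresses must be aligned down to a page boundary. All names (page_lock, page_unlock, os_lock, fake_os, MAX_PAGES) are hypothetical.

```c
#define _DEFAULT_SOURCE            /* expose mlock/sysconf under strict -std */
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

#define MAX_PAGES 64               /* assumption: a small fixed table is enough */
/* OS hooks are pointers so a test can swap in fake_os and count calls. */
static int (*os_lock)(const void *, size_t) = mlock;
static int (*os_unlock)(const void *, size_t) = munlock;
int fake_os(const void *p, size_t n) { (void)p; (void)n; return 0; }
static struct entry { uintptr_t page; int refs; } tab[MAX_PAGES];
static int os_calls;               /* lock/unlock calls passed to the OS hooks */

/* Return the entry tracking this page, else a free slot, else NULL. */
static struct entry *find(uintptr_t page)
{
    struct entry *spare = NULL;
    for (int i = 0; i < MAX_PAGES; i++) {
        if (tab[i].refs && tab[i].page == page) return &tab[i];
        if (!tab[i].refs && !spare) spare = &tab[i];
    }
    return spare;
}

/* Lock (dir=+1) or unlock (dir=-1) every page touched by [addr, addr+len). */
static int page_ref(const void *addr, size_t len, int dir)
{
    uintptr_t ps = (uintptr_t)sysconf(_SC_PAGESIZE);
    if (len == 0) return 0;
    uintptr_t first = (uintptr_t)addr & ~(ps - 1);            /* align down */
    uintptr_t last = ((uintptr_t)addr + len - 1) & ~(ps - 1);
    for (uintptr_t p = first; p <= last; p += ps) {
        struct entry *e = find(p);
        if (!e || (dir < 0 && !e->refs)) return -1; /* table full / unbalanced */
        if (dir > 0 && e->refs == 0) {              /* first user: really lock */
            os_calls++;
            if (os_lock((void *)p, ps) != 0) {
                page_ref((void *)first, p - first, -1);  /* undo earlier pages */
                return -1;
            }
            e->page = p;
        }
        e->refs += dir;
        if (e->refs == 0) { os_calls++; os_unlock((void *)p, ps); } /* last user */
    }
    return 0;
}

int page_lock(const void *a, size_t n)   { return page_ref(a, n, +1); }
int page_unlock(const void *a, size_t n) { return page_ref(a, n, -1); }
```

Locking does not clear anything: a buffer still has to be wiped before its last page_unlock(), which is the part the comment says mutt's password handling makes hard to balance.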