<<< Date Index >>>     <<< Thread Index >>>

Fwd: related to paranoic gpg settings, secure memory for secrets would be nice



This really belongs here...

----- Forwarded message from Will Fiveash <will.fiveash@xxxxxxxxxx> -----

Date: Wed, 8 Dec 2010 17:07:46 -0600
From: Will Fiveash <will.fiveash@xxxxxxxxxx>
Subject: related to paranoic gpg settings, secure memory for secrets would be 
nice
To: mutt-users@xxxxxxxx
Mail-Followup-To: Will Fiveash <will.fiveash@xxxxxxxxxx>, mutt-users@xxxxxxxx

Related to the recent post about paranoid gpg settings it seems to me
that mutt ought to use a scheme like gnupg which has support for using a
pool of mlock()ed memory to store certain sensitive data like passwords
and private keys so they won't get paged out to swap.  mutt could use
this for its cached PGP/GPG password.  Maybe util/secmem.c from gnupg
could be used (it's licensed under the same GPL license as mutt)?
Note, that while mlock()ing memory generally requires a higher privilege
than typical users get by default in most OS's some OS's like Solaris
support granting specific privs like proc_lock_memory which avoids the
security issues of setuid'ing mutt to run as root (I use this to give
gpg proc_lock_memory priv).

-- 
Will Fiveash

----- End forwarded message -----

-- 
Will Fiveash