
Re: mutt and plaintext passwords : muttrc encryption ?



On Mon, Jul 28, 2008 at 10:54:40PM -0500, Kyle Wheeler wrote:
> On Monday, July 28 at 07:56 PM, quoth Derek Martin:
> >On Mon, Jul 28, 2008 at 12:58:00PM -0500, Kyle Wheeler wrote:
> >> Nothing will be stored in plaintext on disk, your encryption is
> >> guaranteed to be world-class, and best of all: it will work on
> >> virtually any Unix machine.
> >
> >...unless bash swaps out the environment...
> 
> ... why, in that example, would bash do that?

Well, technically, bash wouldn't... the kernel would.  And it would do
so because it needs the physical memory where bash is holding its copy
of the environment for another process that doesn't fit in free
memory (or other reasons)...  The kernel has no way to know that the
contents of a block of memory are "sensitive" -- nor would it
care if it did.

> Presumably, you can avoid that by removing the "exec" keyword in the 
> script?

It can only be avoided by calling the mlock() system call (or
equivalent, in the case some OS has called it something else) on the
appropriate block of memory, which typically requires root privileges
on Unix systems.  However, even if you could get bash to do this, its
child processes may (and generally will) have their own copy of the
environment, which might also get swapped out...

The risk here is tiny, but non-zero.  Someone would have to be able to
gain root privileges to read the raw swap device to get your
passphrase.  You ought to trust the actual root user, as root can
just snarf your passphrase out of memory... but a root exploit would
expose you to risk of having your passphrase stolen by a non-root user.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
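
An added illustration of the mlock() approach discussed in the message above, not code from the thread or from mutt: it maps a page-aligned buffer, tries to pin it in RAM with mlock(), reports whether the lock succeeded, and wipes the buffer before releasing it. The `locked_buf` type and the `locked_alloc`/`locked_free` names are hypothetical, and the passphrase string is a constructed sample.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Hypothetical helper type for this example: one page-aligned region. */
struct locked_buf { void *p; size_t len; int locked; };

/* Map whole pages and try to pin them in RAM. Returns 0 if the mapping
 * exists, -1 otherwise; lb->locked records whether mlock() succeeded
 * (it fails with EPERM/ENOMEM when the caller lacks privilege or quota). */
int locked_alloc(struct locked_buf *lb, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    lb->locked = 0;
    lb->len = (want + page - 1) / page * page;   /* round up to pages */
    lb->p = mmap(NULL, lb->len, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (lb->p == MAP_FAILED) { lb->p = NULL; return -1; }
    lb->locked = (mlock(lb->p, lb->len) == 0);
    return 0;
}

/* Wipe through a volatile pointer so the stores are not optimised away,
 * then unlock and unmap. */
void locked_free(struct locked_buf *lb)
{
    volatile unsigned char *v = lb->p;
    for (size_t i = 0; i < lb->len; i++) v[i] = 0;
    if (lb->locked) munlock(lb->p, lb->len);
    munmap(lb->p, lb->len);
    lb->p = NULL;
}

int main(void)
{
    struct locked_buf lb;
    if (locked_alloc(&lb, 256) != 0) { perror("mmap"); return 1; }
    if (!lb.locked)   /* errno is still the one set by mlock() */
        perror("mlock failed, buffer may be swapped out");
    /* Constructed sample; a real program would read from the terminal. */
    strcpy(lb.p, "example passphrase");
    printf("%zu-byte buffer, locked=%d\n", lb.len, lb.locked);
    locked_free(&lb);
    return 0;
}
```

The lock covers only this one mapping: copies of the passphrase held elsewhere, such as the environment of a child process mentioned in the message, remain ordinary swappable memory.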
