#580: mutt stores PGP passphrase insecurely -----------------------------------------+---------------------------------- Reporter: Marco d'Itri <[email protected]> | Owner: mutt-dev Type: defect | Status: reopened Priority: trivial | Milestone: Component: crypto | Version: 1.5.19 Resolution: | Keywords: -----------------------------------------+----------------------------------
Comment(by petr_p): Replying to [comment:16 anto...@…]: > http://bugs.debian.org/cgi- bin/bugreport.cgi?msg=102;filename=patch-1.5.13.pw.pgpmlock.1;att=1;bug=96144 > mlock(3p) says POSIX conforming systems may require the locked address base to be multiple of page size. Thus we need to align the address to page boundary to improve portability. Other problem is mutt_get_password() is called on three different places for three different password buffers. We should take care about all of them. This brings another issue: if we get passwords (e.g.) for IMAP and for PGP on the same page and we call munlock() on one of them, we will get unlocked both buffers. I think the best way is to implement some sort of locked memory allocator. Other possibility is to lock each password buffer and never unlock it. Yet another approach is to ensure each password buffer will occupy exactly one (two) memory pages. So, a lot of questions. What do you think? -- Ticket URL: <http://dev.mutt.org/trac/ticket/580#comment:19> Mutt <http://www.mutt.org/> The Mutt mail user agent
