This really belongs here...

----- Forwarded message from Will Fiveash <[email protected]> -----

Date: Wed, 8 Dec 2010 17:07:46 -0600
From: Will Fiveash <[email protected]>
Subject: related to paranoic gpg settings, secure memory for secrets would be nice
To: [email protected]
Mail-Followup-To: Will Fiveash <[email protected]>, [email protected]

Related to the recent post about paranoid gpg settings, it seems to me that mutt ought to use a scheme like gnupg, which has support for using a pool of mlock()ed memory to store certain sensitive data like passwords and private keys so they won't get paged out to swap. mutt could use this for its cached PGP/GPG password. Maybe util/secmem.c from gnupg could be used (it's licensed under the same GPL license as mutt)?

Note that while mlock()ing memory generally requires a higher privilege than typical users get by default in most OSes, some OSes like Solaris support granting specific privs like proc_lock_memory, which avoids the security issues of setuid'ing mutt to run as root (I use this to give gpg proc_lock_memory priv).

-- 
Will Fiveash

----- End forwarded message -----

-- 
Will Fiveash
