Comment #3 on issue 317 by [email protected]: Encryption Passphrase
Stored Unprotected in Memory
https://code.google.com/p/vim/issues/detail?id=317
There's a function, mlock(), which does exactly this. This will prevent
that section of memory from getting written to a core file, or from being
written to swap. Of course you can look at it if you have access to RAM
(if you're the same user, or otherwise have sufficient privileges), but the
point is to not have your sensitive data sitting around on disk.
GnuPG uses this (through pinentry).
One note is that some operating systems prevent you from calling mlock()
without extra privileges, because otherwise you can run a DoS attack on the
machine by locking loads of memory. Others either just allow it, or allow
up to a small amount, enough to keep a bunch of passwords stored. So you'd
need to make sure that you reverted to the unsafe behavior if mlock()
failed (or have configuration that prevented the fallback, for the
paranoid).
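The fallback the comment describes, written out as an added example (not part of the original comment and not code from Vim or GnuPG): try to mlock() the buffer, and either continue unlocked or refuse, depending on a setting. The names `secret_buf`, `secret_alloc`, `secret_free` and `require_lock` are hypothetical, and zeroing the buffer before release is an assumption of this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for posix_memalign() */
#endif
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical type and function names; not taken from Vim or GnuPG. */
typedef struct { unsigned char *buf; size_t len; int locked; } secret_buf;

/* Allocate whole pages for a secret and try to mlock() them.
 * require_lock == 0: keep the unlocked buffer if mlock() fails (fallback).
 * require_lock != 0: "paranoid" setting, fail rather than fall back. */
int secret_alloc(secret_buf *s, size_t len, int require_lock)
{
    long page = sysconf(_SC_PAGESIZE);
    void *p = NULL;

    s->buf = NULL; s->len = 0; s->locked = 0;
    if (page <= 0 || len == 0)
        return -1;
    size_t pg = (size_t)page;
    size_t rounded = (len + pg - 1) / pg * pg;   /* lock whole pages only */
    if (posix_memalign(&p, pg, rounded) != 0)
        return -1;
    /* mlock() can fail with EPERM or ENOMEM when the process lacks the
     * privilege or would exceed RLIMIT_MEMLOCK. */
    int locked = (mlock(p, rounded) == 0);
    if (!locked && require_lock) {
        free(p);
        return -1;
    }
    s->buf = p; s->len = rounded; s->locked = locked;
    return 0;
}

/* Zero the buffer, unlock it if it was locked, and release it. */
void secret_free(secret_buf *s)
{
    volatile unsigned char *v = s->buf;
    for (size_t i = 0; i < s->len; i++)
        v[i] = 0;                  /* volatile stores are not optimized away */
    if (s->locked)
        munlock(s->buf, s->len);
    free(s->buf);
    s->buf = NULL; s->len = 0; s->locked = 0;
}
```

A caller can inspect `locked` after a successful `secret_alloc()` to tell the user when the passphrase is being held in unlocked memory.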