Control: tags -1 security Control: severity -1 serious According to
https://chat.mistral.ai/chat/27317f33-8880-49f4-b5d8-f8bef90d7a08 "the password (and possibly other sensitive data) was stored in regular, unlocked memory" (because the otpclient/GTK4 accepted the password instead of aborting after the mlock failure). So this is apparently a security issue. There may actually be 2 bugs: 1. The fact that the password is stored in regular, unlocked memory (security). 2. The fact that mlock fails with ENOMEM on such a low value. -- Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)

