#580: mutt stores PGP passphrase insecurely -----------------------------------------+---------------------------------- Reporter: Marco d'Itri <m...@linux.it> | Owner: mutt-dev Type: defect | Status: reopened Priority: trivial | Milestone: Component: crypto | Version: 1.5.19 Resolution: | Keywords: -----------------------------------------+----------------------------------
Comment(by petr_p): I looked through the code how passwords are processed. Whereas PGP and SMIME code are straightforward and the password is stored in static buffer only, the ACCOUNT password (used for SASL, SMTP etc.) is really one big mess where the buffer is copied and copied. I can't see any easy way how to catch all password occurrences and to get balanced mlock-munlock dance around them. To have things worse, the code (even the PGP and SMIME) is written in a fashion to get the password and sometimes erase password buffer just before getting new password. That means the password is practically `never' removed, even after password life time elapses. So it's reasonable to mlock buffers for PGP and SMIME on mutt start and never unlock them. Thus we will have possibly 2 pages (8 kB on x86) locked forever. However I don't know what to do with the rest of password buffers. If somebody interests I wrote simple counting memory page locking manager solving problems described in my previous comment (address alignment, page sharing). However due to mutt style, it's unusable in this situation. -- Ticket URL: <http://dev.mutt.org/trac/ticket/580#comment:20> Mutt <http://www.mutt.org/> The Mutt mail user agent -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org