On Mon, Dec 18, 2006 at 20:11:05 -0500, Brandon S. Allbery KF8NH wrote: > >On Dec 18, 2006, at 18:26 , [EMAIL PROTECTED] wrote: > >> >>Tomasz Zielonka <[EMAIL PROTECTED]> writes: >> >>>On Mon, Dec 18, 2006 at 11:57:59PM +0100, >>>[EMAIL PROTECTED] wrote: >>>>... but I wonder: GPG, AFAIK undertakes some special measures to >>>>ensure that neither clear text nor private keys are paged out to the >>>>disk (since it might be recovered from there by "the enemy"). How >>>>would you lock data in memory in Haskell? Would that be possible? >>>> >>>>It seems to me that all participants in this thread have missed this >>>>point so far. >>> >>>You could just mlock() everything allocated by the RTS... >> >>Brute force. :-) Certainly the most simple way to do it. But is that >>option already here (say in ghc), or would one have to patch the >>runtime for that? > >Note also that this requires setuid root (yes, in gpg as well) --- so >you are trading one known security issue for an unknown number of >others.
Very true. In the end it comes down to what threats one wants to address and personally I don't think that the threat that mlock() addresses rates very highly. Even when taking into account the seemingly rampant misplacing of laptops of late. /M -- Magnus Therning (OpenPGP: 0xAB4DFBA4) [EMAIL PROTECTED] Jabber: [EMAIL PROTECTED] http://therning.org/magnus Software is not manufactured, it is something you write and publish. Keep Europe free from software patents, we do not want censorship by patent law on written works. As we enjoy great advantages from the inventions of others we should be glad of an opportunity to serve others by any invention of ours, and this we should do freely and generously. -- Benjamin Franklin
pgp20frsgRwSf.pgp
Description: PGP signature
_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
