Thomas Roessler <[EMAIL PROTECTED]>:
> > I would vote in flavour of allowing mutt to be run as
> > root, only to lock the memory blocks, then su to the
> > user fast as hell. I'm not saying this is the right way
> > for all users, but it might be a desirable feature for
> > some.
>
> *grrr*
>
> We don't go to great lengths with mutt_dotlock to be able
> to avoid running mutt with privileges, and then run it
> suid root, right?
Mutt could get secure memory immediately when invoked and then
irrevocably throw away its root privileges. It would then still
require mutt_dotlock, and it would not be a security risk unless
someone tampers with the start-up code.
I just glanced at the secure memory code in gnupg, and it's far from
simple. However, Mutt might have simpler requirements, particularly if
we don't bother trying to make it work on anything other than the most
recent versions of the most popular systems.
Perhaps the biggest worry would be reliably detecting whether it is
possible to irrevocably throw away root privileges. If we can, then
mutt could just refuse to run when it can't get rid of root
privilege. I expect GnuPG people can advise ...
Perhaps another solution would be to have a separate suid program that
remembers the passphrase and communicates somehow with the mutt
process ...
Edmund
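One way to carry out the sequence Edmund sketches (lock the secret's memory first, then drop root irrevocably, and refuse to run if that cannot be verified), as an added example in C that is neither mutt's nor gnupg's code; it assumes Linux semantics for mlock() and setuid(), and the names secure_alloc, secure_free and drop_root are the example's own.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Map and lock `len` bytes so the kernel never swaps them out. Call this while
 * still privileged: once root is gone mlock() is capped by RLIMIT_MEMLOCK. */
static void *secure_alloc(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mlock(p, len) != 0) { munmap(p, len); return NULL; }
    return p;
}

/* Wipe, unlock and unmap a buffer obtained from secure_alloc(). */
static void secure_free(void *p, size_t len) {
    volatile unsigned char *v = p;      /* volatile: the wipe cannot be optimised away */
    for (size_t i = 0; i < len; i++) v[i] = 0;
    munlock(p, len);
    munmap(p, len);
}

/* Give up root for good and become uid/gid. Returns 0 only if the switch worked
 * AND root can no longer be regained, -1 otherwise, so the caller can refuse to run. */
static int drop_root(uid_t uid, gid_t gid) {
    if (uid == 0) return -1;                              /* not a drop at all */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;  /* as root, setuid sets all three uids */
    if (getuid() != uid || geteuid() != uid || getgid() != gid) return -1;
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;     /* a lingering saved uid 0 would let these succeed */
    return 0;
}

int main(void) {
    const size_t len = 4096;
    char *pw = secure_alloc(len);         /* lock the page while still root */
    if (pw == NULL) { perror("secure_alloc"); return 1; }
    /* In a setuid-root binary the real uid/gid are those of the invoking user. */
    if (drop_root(getuid(), getgid()) != 0) {
        fprintf(stderr, "cannot irrevocably drop root; refusing to run\n");
        secure_free(pw, len);
        return 1;
    }
    printf("passphrase: ");
    if (fgets(pw, (int)len, stdin) == NULL) pw[0] = '\0';  /* lives only in locked memory */
    secure_free(pw, len);
    return 0;
}
```

The locked mapping survives the uid change because memory locks belong to the address space, not to the credentials, which is why the allocation has to come first.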