From: Coleman Kane
To: ports@FreeBSD.org
Cc: imp@FreeBSD.org
Organization: FreeBSD Project
Date: Sat, 12 Apr 2008 12:54:54 -0400
Message-Id: <1208019294.10093.16.camel@localhost>
Subject: CFT: Fix crashing in security/seahorse port

Hello ports people,

I'm attaching a patch that I've been working on to solve the problem of the latest GNOME 2.22.x seahorse crashing (seahorse-agent, seahorse-daemon, etc...) when the user is trying to use the keyring.

The problem arises because gnome-keyring attempts to use mlock() to lock down some secure memory for password storage, but this requires superuser privileges on FreeBSD. Because of this, gnome-keyring returns a NULL pointer when the alloc returns, but seahorse doesn't check this value. It proceeds, instead, to attempt to use this pointer.

The patch will correct this behavior by checking the return value of a small memory allocation to gnome_keyring_memory_try_alloc, during process initialization. If the result is not a NULL pointer, then it performs the desired remapping of the g_malloc, g_free, and other functions so that they may use secure memory. If the return value is NULL, then the remappings aren't performed and a warning is issued with g_warning that informs the user that their seahorse system is using unsecured memory for password storage.

I'd like to have some testers to ensure that it works fine in a more general case, so send me your reports (and maybe copy gnome@ as well). Unless it breaks something more, I'll commit it in the next couple days.

-- Coleman Kane --=-d00jM/pMQ226WAaWeYSs Content-Disposition: attachment; filename=security_seahorse-no-mlock.patch Content-Type: text/x-patch; name=security_seahorse-no-mlock.patch; charset=UTF-8 Content-Transfer-Encoding: 7bit diff --git a/security/seahorse/Makefile b/security/seahorse/Makefile index a065a09..d5d417f 100644 --- a/security/seahorse/Makefile +++ b/security/seahorse/Makefile @@ -8,6 +8,7 @@ PORTNAME= seahorse PORTVERSION= 2.22.1 +PORTREVISION= 1 CATEGORIES= security gnome MASTER_SITES= GNOME DIST_SUBDIR= gnome2 diff --git a/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.c b/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.c new file mode 100644 index 0000000..4a6300b --- /dev/null +++ b/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.c @@ -0,0 +1,42 @@ +--- libseahorse/seahorse-secure-memory.c.orig 2008-04-12 12:09:58.000000000 -0400 ++++ libseahorse/seahorse-secure-memory.c 2008-04-12 12:10:05.000000000 -0400 +@@ -97,13 +97,31 @@ + void + seahorse_secure_memory_init () + { +- GMemVTable vtable; +- +- memset (&vtable, 0, sizeof (vtable)); +- vtable.malloc = switch_malloc; +- vtable.realloc = switch_realloc; +- vtable.free = switch_free; +- vtable.calloc = switch_calloc; +- g_mem_set_vtable (&vtable); ++ if (seahorse_try_gk_secure_memory() == TRUE) { ++ GMemVTable vtable; ++ ++ memset (&vtable, 0, sizeof (vtable)); ++ vtable.malloc = switch_malloc; ++ vtable.realloc = switch_realloc; ++ vtable.free = switch_free; ++ vtable.calloc = switch_calloc; ++ g_mem_set_vtable (&vtable); ++ } else { ++ g_warning ("Unable to allocate secure memory from gnome-keyring.\n"); ++ g_warning ("Proceeding with insecure password memory instead.\n"); ++ } + } + ++gboolean ++seahorse_try_gk_secure_memory () ++{ ++ gpointer p; ++ ++ p = gnome_keyring_memory_try_alloc (10); ++ if (p != NULL) { ++ gnome_keyring_memory_free (p); ++ return TRUE; ++ } ++ ++ return FALSE; ++} 
diff --git a/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.h b/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.h new file mode 100644 index 0000000..354b563 --- /dev/null +++ b/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.h @@ -0,0 +1,11 @@ +--- libseahorse/seahorse-secure-memory.h.orig 2008-04-11 09:33:34.000000000 -0400 ++++ libseahorse/seahorse-secure-memory.h 2008-04-11 09:34:12.000000000 -0400 +@@ -34,6 +34,7 @@ + } while (0) + + /* This must be called before any glib/gtk/gnome functions */ +-void seahorse_secure_memory_init (void); ++void seahorse_secure_memory_init (void); ++gboolean seahorse_try_gk_secure_memory (void); + + #endif /* _SEAHORSE_SECURE_MEMORY_H_ */ --=-d00jM/pMQ226WAaWeYSs--
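
Review bot: In patch-libseahorse_seahorse-secure-memory.c, the 10-byte probe in seahorse_try_gk_secure_memory() shows only that one small allocation succeeded at init time. Once g_mem_set_vtable() has installed switch_malloc and the other switch_* functions, a later secure allocation that fails would lead back to the unchecked-NULL crash this patch is meant to avoid, unless those functions (not shown in this hunk) check for NULL or fall back to the normal allocator; that is worth confirming before commit. Smaller points in the same hunk: `if (seahorse_try_gk_secure_memory() == TRUE)` should test the gboolean directly, since any non-zero value is true; g_warning() terminates the message itself, so the trailing "\n" is redundant and the two calls can be merged into one message; the definition is written with `()` while the header prototype uses `(void)`; and the literal 10 deserves a named constant or a comment saying it is an arbitrary probe size.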
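
Review bot: In patch-libseahorse_seahorse-secure-memory.h, the new prototype `gboolean seahorse_try_gk_secure_memory (void);` exports a helper whose only visible caller is seahorse_secure_memory_init() in the same .c file. Consider making it static and defining it above seahorse_secure_memory_init(); that drops this header patch entirely and removes the reliance on the header prototype for the call that precedes the definition in the .c hunk. If it is meant to be public, add a one-line comment stating what TRUE means (secure memory is available).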