Date: Mon, 23 Apr 2012 17:30:55 -0400
From: Joe Marcus Clarke <marcus@freebsd.org>
To: Eitan Adler <lists@eitanadler.com>
Cc: Jeremy Messenger <mezz.freebsd@gmail.com>, Alexander Leidinger <Alexander@leidinger.net>, AN <andy@neu.net>, gnome@freebsd.org
Subject: Re: Unable to allocate secure memory from gnome-keyring
Message-ID: <4F95CA0F.6030002@freebsd.org>
In-Reply-To: <CAF6rxgmfW6j_R9qRPE5sLiANd40wAp94riKiJv-NuZOzVBVwPg@mail.gmail.com>
References: <alpine.BSF.2.00.1204222157150.55889@mail.neu.net> <CADLFttd0JwjLZyoaVzjWZPE8dNSBptphOooxy6r9VYKuykBXTg@mail.gmail.com> <20120423220812.0000178d@unknown> <4F95C2B1.2050706@freebsd.org> <CAF6rxgmfW6j_R9qRPE5sLiANd40wAp94riKiJv-NuZOzVBVwPg@mail.gmail.com>

On 4/23/12 5:22 PM, Eitan Adler wrote:
> On 23 April 2012 16:59, Joe Marcus Clarke <marcus@freebsd.org> wrote:
>> On 4/23/12 4:08 PM, Alexander Leidinger wrote:
>>> On Sun, 22 Apr 2012 22:06:41 -0500 Jeremy Messenger
>>> <mezz.freebsd@gmail.com> wrote:
>>>
>>>> On Sun, Apr 22, 2012 at 9:12 PM, AN <andy@neu.net> wrote:
>>>
>>>>> ** (process:42587): WARNING **: Unable to allocate secure memory
>>>>> from gnome-keyring.
>>>>>
>>>>>
>>>>> ** (process:42587): WARNING **: Proceeding using insecure memory for
>>>>> password fields.
>>>>
>>>> Both of warnings here are known for age. I don't remember exactly why,
>>>> I think it's something that FreeBSD lacks of what Linux has or maybe
>>>> just need to complete port to FreeBSD. I am not sure.
>>>
>>> I would expect that this is caused by a failed call to mlock(). Only
>>> root is allowed to do that. I would also expect that this message
>>> disappears, if the executables is marked as SUID-root. If it makes
>>> sense to mark it SUID-root from a security point of view in this case or
>>> not is a different question.
>
> The concern here is that the memory may be paged out and written to
> disk. This data on disk may be recoverable even after the memory is
> wiped. Very few people need concern themselves with attacks that rely
> on this.

This is correct. We could likely try and fix this, but it would involve
some crazy suid hacks.

Joe

-- 
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome@FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome
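
The mlock() attempt and the fall back to pageable memory discussed in this thread, as an added example that is not part of the original message and is not gnome-keyring's code. The names secret_buf, secret_alloc and secret_free are hypothetical; the helper records whether the pages were pinned so a caller can report the same kind of warning.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example; not gnome-keyring's code. */
struct secret_buf {
    unsigned char *ptr; /* page-aligned storage, NULL when unused */
    size_t len;         /* size rounded up to whole pages */
    int locked;         /* 1 if mlock() pinned the pages, 0 if pageable */
    int lock_errno;     /* errno from a failed mlock(), else 0 */
};

/* Allocate whole pages for a secret and try to pin them in RAM.
 * Returns 0 on success (locked or not), -1 if no memory at all. */
int secret_alloc(struct secret_buf *b, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    memset(b, 0, sizeof *b);
    b->len = ((want ? want : 1) + page - 1) / page * page;
    b->ptr = aligned_alloc(page, b->len);
    if (b->ptr == NULL)
        return -1;
    memset(b->ptr, 0, b->len);
    if (mlock(b->ptr, b->len) == 0) {
        b->locked = 1;
    } else {
        /* Same fallback the warning describes: keep going, but say so. */
        b->lock_errno = errno;
        fprintf(stderr, "mlock: %s; secret may reach swap\n", strerror(b->lock_errno));
    }
    return 0;
}

/* Wipe, unlock and release. The volatile pointer keeps the compiler
 * from optimizing the wipe away. */
void secret_free(struct secret_buf *b)
{
    volatile unsigned char *p = b->ptr;
    for (size_t i = 0; p != NULL && i < b->len; i++)
        p[i] = 0;
    if (b->locked)
        munlock(b->ptr, b->len);
    free(b->ptr);
    memset(b, 0, sizeof *b);
}
```

Whether mlock() succeeds depends on the process's privileges and its RLIMIT_MEMLOCK limit, so the locked flag can differ between systems and users.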