Werner Koch wk@gnupg.org
Sat, 25 Jan 2003 20:16:12 +0100

On Sat, 25 Jan 2003 17:29:52 +0100, Simon Josefsson said:

> That seems bad.  Is there any work going on to make it possible for
> user-level code to allocate secure memory from the kernel (possibly
> via libc)?

A long time ago, a patch was proposed to allow for an ulimit
controlled amount of non-pageable memory but rejected by Linux.  I
talked with David Miller about this but he also objected and said that
the (at that time new) capabilities should be used for this - well
this does not solve the library problem.

> If not, I fear that making applications setuid in order for secure
> memory to be available creates more security problems than it solves.

In general I think this secure memory is not really required and
operations with sensitive data should better be handled by a dedicated
process, like gpg-agent.

> used without support from the application using my library, I want to
> use libgcrypt without secure memory, and for this to happen silently.

I am going to change it in this way.

> This is what I'll do, with the "default init" being:

Looks okay.
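The two mechanisms the message turns on, a per-process ulimit on non-pageable memory and a library that quietly keeps working when it cannot get any, are easy to see in code. The following is an added illustration written for this page; it is not libgcrypt's secure-memory implementation and not code from the thread. It assumes a Linux/POSIX system with mlock(2) and RLIMIT_MEMLOCK (the budget an unprivileged process gets for locked pages; a process holding CAP_IPC_LOCK, the capability route mentioned above, is not bound by it). The names secmem_alloc, secmem_free, secmem_wipe, secmem_lock_limit and secmem_page_size are invented for the example, and the passphrase string is a constructed sample.

```c
/* Added example: pin a secret in RAM if the kernel lets us, otherwise fall
 * back silently to ordinary heap memory instead of demanding setuid root.
 * Not libgcrypt code. Assumes Linux/POSIX: mlock(2), getrlimit(2). */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

struct secmem {
    void   *ptr;        /* page-aligned buffer, NULL if allocation failed */
    size_t  size;       /* usable size, rounded up to whole pages */
    int     locked;     /* 1 if mlock() succeeded, 0 if we fell back to plain heap */
    int     lock_errno; /* errno from mlock() when locked == 0 (0 otherwise) */
};

/* Page size used for alignment and rounding; 4096 if sysconf() cannot tell. */
size_t secmem_page_size(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    return pg > 0 ? (size_t)pg : 4096;
}

/* Soft RLIMIT_MEMLOCK in bytes, i.e. the ulimit-controlled amount of
 * non-pageable memory this process may hold (RLIM_INFINITY when unlimited).
 * CAP_IPC_LOCK bypasses it; a plain user process does not get that. */
rlim_t secmem_lock_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return 0;
    return rl.rlim_cur;
}

/* Overwrite n bytes through a volatile pointer so the compiler cannot drop
 * the store as a dead write just before free(). */
void secmem_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/* Allocate n bytes and try to lock them. With allow_fallback != 0 a failed
 * mlock() is recorded in the result but the (swappable) buffer is still
 * handed out, which is the "silent" behaviour a library embedded in an
 * unprivileged application wants. With allow_fallback == 0 the request is
 * refused instead (ptr == NULL). */
struct secmem secmem_alloc(size_t n, int allow_fallback)
{
    struct secmem m = { NULL, 0, 0, 0 };
    size_t page = secmem_page_size();
    size_t size = ((n ? n : 1) + page - 1) / page * page;
    void *p = NULL;

    if (posix_memalign(&p, page, size) != 0)
        return m;
    memset(p, 0, size);

    if (mlock(p, size) == 0) {
        m.locked = 1;
    } else {
        m.lock_errno = errno;   /* ENOMEM: RLIMIT_MEMLOCK exhausted; EPERM: limit is 0 and no CAP_IPC_LOCK */
        if (!allow_fallback) {
            free(p);
            return m;           /* ptr stays NULL: caller must cope with the refusal */
        }
    }
    m.ptr = p;
    m.size = size;
    return m;
}

/* Wipe, unlock and release. Calling it twice is harmless. */
void secmem_free(struct secmem *m)
{
    if (!m->ptr)
        return;
    secmem_wipe(m->ptr, m->size);
    if (m->locked)
        munlock(m->ptr, m->size);
    free(m->ptr);
    m->ptr = NULL;
    m->size = 0;
    m->locked = 0;
}

int main(void)
{
    rlim_t lim = secmem_lock_limit();
    if (lim == RLIM_INFINITY)
        printf("RLIMIT_MEMLOCK: unlimited\n");
    else
        printf("RLIMIT_MEMLOCK: %llu bytes\n", (unsigned long long)lim);

    struct secmem m = secmem_alloc(64, 1);
    if (!m.ptr) {
        perror("posix_memalign");
        return 1;
    }
    strcpy((char *)m.ptr, "example-passphrase");   /* constructed sample secret */
    printf("buffer %p (%zu bytes): %s\n", m.ptr, m.size,
           m.locked ? "locked, will not be paged out"
                    : "NOT locked, silently using ordinary heap");
    if (!m.locked)
        printf("mlock failed: %s\n", strerror(m.lock_errno));
    secmem_free(&m);
    return 0;
}
```

Run it as an ordinary user with `ulimit -l 0` and again with a larger limit to watch the same binary switch between the locked and the fallback path without any setuid bit; the lock_errno field is what a library would log at debug level rather than abort on.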