Bug: sensitive data written to insecure memory

Oleg Smolsky small at clear.net.nz
Thu Apr 5 11:41:15 CEST 2001

On Wed, 4 Apr 2001, Werner Koch <wk at gnupg.org> wrote:

> Given all the problems with the "secure memory" handling, the extra
> complexity of the code, the problem of hibernation ("suspend to
> disk"), the unavailability of "secure memory" under Windoze and many
> other systems, we might come to the conclusion that this design
> issue was an error and we should better rely on the OS to protect
> the swap space.

Actually, it's really easy to lock a set of pages in memory if you are
running on the NT branch. Here are the user mode functions that are
VirtualAlloc() and VirtualFree()
VirtualLock() and VirtualUnlock()

As for the 9x branch, the only solution I can think of is the PGP one:
-- install a dummy kernel mode driver
-- allocate a set of pages from a non-paged pool
-- recalculate the addresses in the MDLs and pass them to the user
   level app

As for the hibernation... I don't really know... I suppose we could
encrypt the contents of those pages just before we "OK" going into
that mode...

Best regards,
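
The NT-branch calls named in the message above, as an added example (not part of the original message and not GnuPG's code): allocate whole pages, lock them, report whether the lock was granted, and wipe before release. The `secbuf` type and the function names are hypothetical, and the non-Windows branch (`aligned_alloc`/`mlock`) is an assumed stand-in so the block also builds on POSIX systems.

```c
/* Added example: page-locked buffer for key material (hypothetical helper). */
#ifdef _WIN32
#include <windows.h>
#else
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>
#endif

typedef struct {
    void  *ptr;     /* NULL if allocation failed */
    size_t len;     /* requested size rounded up to whole pages */
    int    locked;  /* 0: lock refused, pages can still reach swap */
} secbuf;

static size_t page_size(void) {
#ifdef _WIN32
    SYSTEM_INFO si; GetSystemInfo(&si); return si.dwPageSize;
#else
    return (size_t)sysconf(_SC_PAGESIZE);
#endif
}

secbuf secbuf_alloc(size_t want) {
    secbuf b = {NULL, 0, 0};
    size_t ps = page_size();
    if (want == 0 || want > (size_t)-1 - ps) return b;    /* reject 0 and overflow */
    b.len = (want + ps - 1) / ps * ps;
#ifdef _WIN32
    b.ptr = VirtualAlloc(NULL, b.len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (b.ptr) b.locked = VirtualLock(b.ptr, b.len) != 0; /* fails past the working-set quota */
#else
    b.ptr = aligned_alloc(ps, b.len);                     /* assumed POSIX stand-in */
    if (b.ptr) b.locked = mlock(b.ptr, b.len) == 0;       /* fails past RLIMIT_MEMLOCK */
#endif
    if (!b.ptr) b.len = 0;
    return b;
}

void secbuf_free(secbuf *b) {
    if (!b || !b->ptr) return;
    volatile unsigned char *p = b->ptr;  /* volatile keeps the wipe from being optimised out */
    for (size_t i = 0; i < b->len; i++) p[i] = 0;
#ifdef _WIN32
    if (b->locked) VirtualUnlock(b->ptr, b->len);
    VirtualFree(b->ptr, 0, MEM_RELEASE);
#else
    if (b->locked) munlock(b->ptr, b->len);
    free(b->ptr);
#endif
    b->ptr = NULL; b->len = 0; b->locked = 0;
}
```

A caller should check `locked` and decide whether to continue when the lock was refused; locking alone does not address the hibernation case raised in the thread.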
