Follow-up to Crashes with gpg-agent 2.1.18
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Jun 3 00:36:53 CEST 2017
On Fri 2017-06-02 08:31:31 +0900, NIIBE Yutaka wrote:
>> At the time of the error there is at least 10GB of free RAM available.
>
> The limitation comes from the fact we only have 32KB or 64KB for secure
> memory; The region is mlock(2)-ed to avoid data transfer to swap
> storage. ... even if we have multiple gigabytes of memory.
is this a reasonable conclusion today? shouldn't swap be encrypted on
machines where it's a risk? not to be leakage-nihilist or anything, but
hibernation itself can't be prevented at the application level, right?
So are these "out of core" crashes just gratuitous outages?
> Perhaps, it would be good for libgcrypt to have an API for an
> application (in this case gpg-agent) showing how much secure memory is
> used (and how much left), so that an application can throttle accepting
> requests.
>
> Or, more simply, we can introduce a limitation to gpg-agent, say, only
> accepts some fixed number of multiple connections simultaneously.
what would gpg-agent do when the limit is reached? it would be better
if a thread could perform a blocking call when asking for more core, so
that the thread requesting the limited resource was the thing blocked,
and other threads could go about their business.
--dkg
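As an added illustration of the two ideas in this exchange (NIIBE's accounting API for how much secure memory is used and how much is left, and dkg's suggestion that a thread asking for more core should block rather than crash the agent), here is a small mlock'd slot pool in C. It is example code written for this page, not libgcrypt's or gpg-agent's implementation; the 32 KiB pool size, the 256-byte slot size and every function name are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed parameters (assumptions): a 32 KiB locked pool carved into
 * fixed 256-byte slots, which sidesteps fragmentation in the example. */
#define SECMEM_POOL_SIZE (32 * 1024)
#define SECMEM_SLOT_SIZE 256
#define SECMEM_NSLOTS    (SECMEM_POOL_SIZE / SECMEM_SLOT_SIZE)

static struct {
    unsigned char  *base;                /* mmap'd region, mlock'd if possible */
    unsigned char   used[SECMEM_NSLOTS]; /* 1 = slot handed out */
    size_t          nused;
    int             locked;              /* 1 if mlock(2) succeeded */
    pthread_mutex_t lock;
    pthread_cond_t  space;               /* signalled when a slot is freed */
} pool = { .lock = PTHREAD_MUTEX_INITIALIZER, .space = PTHREAD_COND_INITIALIZER };

/* Map the pool and pin it so it never reaches swap. A failed mlock (usually
 * RLIMIT_MEMLOCK) is recorded, not fatal; callers see it via secmem_is_locked(). */
int secmem_init(void)
{
    if (pool.base) return 0;
    void *m = mmap(NULL, SECMEM_POOL_SIZE, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    pool.base   = m;
    pool.locked = (mlock(m, SECMEM_POOL_SIZE) == 0);
    return 0;
}
int secmem_is_locked(void) { return pool.locked; }

/* Accounting API: bytes in use and bytes left, so a caller can throttle
 * new work before the pool runs dry. */
size_t secmem_used(void)
{
    pthread_mutex_lock(&pool.lock);
    size_t n = pool.nused * SECMEM_SLOT_SIZE;
    pthread_mutex_unlock(&pool.lock);
    return n;
}
size_t secmem_avail(void) { return SECMEM_POOL_SIZE - secmem_used(); }

static void *take_slot_locked(void)      /* caller holds pool.lock */
{
    for (size_t i = 0; i < SECMEM_NSLOTS; i++)
        if (!pool.used[i]) { pool.used[i] = 1; pool.nused++; return pool.base + i * SECMEM_SLOT_SIZE; }
    return NULL;
}

/* Non-blocking: fails with ENOMEM on exhaustion (the "out of core" case). */
void *secmem_try_alloc(size_t n)
{
    if (n == 0 || n > SECMEM_SLOT_SIZE) { errno = EINVAL; return NULL; }
    pthread_mutex_lock(&pool.lock);
    void *p = take_slot_locked();
    pthread_mutex_unlock(&pool.lock);
    if (!p) errno = ENOMEM;
    return p;
}

/* Blocking: only the requesting thread waits on the condition variable until
 * another thread frees a slot; threads that already hold memory keep running. */
void *secmem_alloc(size_t n)
{
    if (n == 0 || n > SECMEM_SLOT_SIZE) { errno = EINVAL; return NULL; }
    pthread_mutex_lock(&pool.lock);
    void *p;
    while ((p = take_slot_locked()) == NULL)
        pthread_cond_wait(&pool.space, &pool.lock);
    pthread_mutex_unlock(&pool.lock);
    return p;
}

/* Wipe the slot (volatile stores are not optimised away), return it, wake one waiter. */
void secmem_free(void *p)
{
    unsigned char *q = p;
    if (!q || q < pool.base || q >= pool.base + SECMEM_POOL_SIZE) return;
    volatile unsigned char *v = q;
    for (size_t k = 0; k < SECMEM_SLOT_SIZE; k++) v[k] = 0;
    size_t i = (size_t)(q - pool.base) / SECMEM_SLOT_SIZE;
    pthread_mutex_lock(&pool.lock);
    if (pool.used[i]) { pool.used[i] = 0; pool.nused--; pthread_cond_signal(&pool.space); }
    pthread_mutex_unlock(&pool.lock);
}

/* Demo helper: release p from a second thread after ms milliseconds. */
struct delayed_free { void *p; unsigned ms; };
static void *delayed_free_thread(void *arg)
{
    struct delayed_free *d = arg;
    usleep(d->ms * 1000);
    secmem_free(d->p);
    free(d);
    return NULL;
}
int secmem_free_later(void *p, unsigned ms)
{
    struct delayed_free *d = malloc(sizeof *d);
    if (!d) return -1;
    d->p = p; d->ms = ms;
    pthread_t t;
    if (pthread_create(&t, NULL, delayed_free_thread, d) != 0) { free(d); return -1; }
    pthread_detach(t);
    return 0;
}

int main(void)
{
    if (secmem_init() != 0) return 1;
    printf("pool %s, %zu bytes free\n", secmem_is_locked() ? "mlocked" : "NOT locked", secmem_avail());
    void *first = secmem_try_alloc(64);
    while (secmem_try_alloc(64)) ;                 /* exhaust the pool */
    printf("exhausted: try_alloc -> %s\n", strerror(errno));
    secmem_free_later(first, 100);
    void *p = secmem_alloc(64);                    /* waits ~100 ms, then succeeds */
    printf("blocking alloc %s the freed slot\n", p == first ? "reused" : "did not reuse");
    return 0;
}
```

The non-blocking path is where the agent-wide failure would come from: with a pool this small, a burst of concurrent connections exhausts it in a few calls. The blocking path keeps the outage local to the one connection that asked too late; whether that is acceptable depends on having a guarantee that some other connection will eventually release its slot, so a production design would also want a timeout or a cap on waiters, which this example leaves out.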