C/C++ API for GnuPG

Jason Harris jharris@widomaker.com
Mon Apr 21 22:17:02 2003


On Mon, Apr 21, 2003 at 07:36:39PM +0200, Werner Koch wrote:
> On Sat, 19 Apr 2003 17:02:27 -0400, Jason Harris said:
> > The library knows which page(s) to lock and should request that whether
> > it runs inside GPG or another app.
> No, it can't.  Under a lot of OSes it is not possible to protect
> against paging or you need to have root capabilities to do so.  No one
> would do this in a library.

(Werner, is this from someone trying to make trouble for you?  :)

It can attempt it and report if it fails, no?  lock_pool()
(src/secmem.c) in libgcrypt (1.1.9) reports failed mlock()s...

[sorry, but I had to make sure it was still there]
Hey, what's this (cvs annotate output):

  1.1          (wkoch    24-Jan-00):     err = mlock( p, n );
  1.1          (wkoch    24-Jan-00):      err = errno;

Also, OpenBSD's and NetBSD's man pages for mlock(2) (on websites) don't
say root privs are specifically required.  (FreeBSD could use this
feature, w/o the hassles of ACLs/capabilities/whatever.)

Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://jharris.cjb.net/
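
The "attempt it and report if it fails" pattern discussed in this message, as an added example that is not part of the original post and is not libgcrypt's code. The `secpool` type and function names are hypothetical; the point shown is that `errno` is read only when `mlock()` has actually failed, so a stale value is never reported.

```c
#define _DEFAULT_SOURCE 1     /* for MAP_ANONYMOUS on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct secpool {              /* hypothetical type, not libgcrypt's */
    void  *base;
    size_t len;
    int    locked;            /* 1 if mlock() succeeded */
    int    lock_errno;        /* errno from a failed mlock(), else 0 */
};

/* Returns 0 if the pool is usable (locked or not), -1 if it could not be
 * allocated. A failed lock is recorded and reported, not treated as fatal. */
int secpool_init(struct secpool *sp, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return -1;
    memset(sp, 0, sizeof *sp);
    sp->len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;  /* whole pages */
    sp->base = mmap(NULL, sp->len, PROT_READ | PROT_WRITE,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (sp->base == MAP_FAILED) { sp->base = NULL; return -1; }
    if (mlock(sp->base, sp->len) == 0) {
        sp->locked = 1;
    } else {
        sp->lock_errno = errno;       /* errno is meaningful only after a failure */
        fprintf(stderr, "warning: pool not locked: %s\n", strerror(sp->lock_errno));
    }
    return 0;
}

/* Wipe the pool before unmapping; munmap() also drops the lock. */
void secpool_release(struct secpool *sp)
{
    if (sp->base == NULL) return;
    volatile unsigned char *p = sp->base;
    for (size_t i = 0; i < sp->len; i++) p[i] = 0;
    munmap(sp->base, sp->len);
    memset(sp, 0, sizeof *sp);
}

int main(void)
{
    struct secpool sp;
    if (secpool_init(&sp, 4096) != 0) return 1;
    printf("pool of %zu bytes, locked=%d\n", sp.len, sp.locked);
    secpool_release(&sp);
    return 0;
}
```

Whether the lock succeeds depends on the platform's privilege rules and locked-memory limits, so a caller should check `locked` before deciding how to treat the pool.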
