C/C++ API for GnuPG
Mon Apr 21 22:17:02 2003
On Mon, Apr 21, 2003 at 07:36:39PM +0200, Werner Koch wrote:
> On Sat, 19 Apr 2003 17:02:27 -0400, Jason Harris said:
> > The library knows which page(s) to lock and should request that whether
> > it runs inside GPG or another app.
> No, it can't. Under a lot of OSes it is not possible to protect
> against paging or you need to have root capabilities to do so. No one
> would do this in a library.
(Werner, is this from someone trying to make trouble for you? :)
It can attempt it and report if it fails, no? lock_pool()
(src/secmem.c) in libgcrypt (1.1.9) reports failed mlock()s...
[sorry, but I had to make sure it was still there]
Hey, what's this (cvs annotate output):
1.1 (wkoch 24-Jan-00): err = mlock( p, n );
1.1 (wkoch 24-Jan-00): err = errno;
Also, OpenBSD's and NetBSD's man pages for mlock(2) (on websites) don't
say root privs are specifically required. (FreeBSD could use this
feature, w/o the hassles of ACLs/capabilities/whatever.)
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
email@example.com | web: http://jharris.cjb.net/