Unable to allocate secure memory from gnome-keyring
Joe Marcus Clarke
marcus at freebsd.org
Mon Apr 23 21:30:58 UTC 2012
On 4/23/12 5:22 PM, Eitan Adler wrote:
> On 23 April 2012 16:59, Joe Marcus Clarke <marcus at freebsd.org> wrote:
>> On 4/23/12 4:08 PM, Alexander Leidinger wrote:
>>> On Sun, 22 Apr 2012 22:06:41 -0500 Jeremy Messenger
>>> <mezz.freebsd at gmail.com> wrote:
>>>
>>>> On Sun, Apr 22, 2012 at 9:12 PM, AN <andy at neu.net> wrote:
>>>
>>>>> ** (process:42587): WARNING **: Unable to allocate secure memory
>>>>> from gnome-keyring.
>>>>>
>>>>>
>>>>> ** (process:42587): WARNING **: Proceeding using insecure memory for
>>>>> password fields.
>>>>
>>>> Both of warnings here are known for age. I don't remember exactly why,
>>>> I think it's something that FreeBSD lacks of what Linux has or maybe
>>>> just need to complete port to FreeBSD. I am not sure.
>>>
>>> I would expect that this is caused by a failed call to mlock(). Only
>>> root is allowed to do that. I would also expect that this message
>>> disappears, if the executables is marked as SUID-root. If it makes
>>> sense to mark it SUID-root from a security point of view in this case or
>>> not is a different question.
>
> The concern here is that the memory may be paged out and written to
> disk. This data on disk may be recoverable even after the memory is
> wiped. Very few people need concern themselves with attacks that rely
> on this.
This is correct. We could likely try and fix this, but it would involve
some crazy suid hacks.
Joe
--
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome at FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome
More information about the freebsd-gnome
mailing list