Re: gnome-keyring Why does -ask ship a copy of GtkEntry ?

On Thu, Jan 8, 2009 at 11:55 PM, Stef <stef-list memberwebs com> wrote:
> gnome-keyring and seahorse go to great lengths to make sure passwords
> always reside in nonpageable locked memory. There are special memory
> allocation functions for this [1]

Hmm, I doubt this adds any real security advantages. After all, you
are still loading modules like theme engines, etc, which can easily
steal the content of your non-pageable memory. And you are using
regular X, allowing anybody to sniff the key events that are used to
fill your 'secure' entry.

However, if allowing the use of a static buffer is what it takes to
make you use GtkEntry, I'd be happy to review your patch...


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]