Re: gnome-keyring Why does -ask ship a copy of GtkEntry ?

From: "Matthias Clasen" <matthias clasen gmail com>
To: stef memberwebs com
Cc: gnome-keyring-list gnome org
Subject: Re: gnome-keyring Why does -ask ship a copy of GtkEntry ?
Date: Fri, 9 Jan 2009 00:32:35 -0500

On Thu, Jan 8, 2009 at 11:55 PM, Stef <stef-list memberwebs com> wrote:
>
> gnome-keyring and seahorse go to great lengths to make sure passwords
> always reside in nonpageable locked memory. There are special memory
> allocation functions for this [1]

Hmm, I doubt this adds any real security advantages. After all, you
are still loading modules like theme engines, etc, which can easily
steal the content of your non-pageable memory. And you are using
regular X, allowing anybody to sniff the key events that are used to
fill your 'secure' entry.

However, if allowing the use of a static buffer is what it takes to
make you use GtkEntry, I'd be happy to review your patch...

Matthias

Follow-Ups:
- Re: gnome-keyring Why does -ask ship a copy of GtkEntry ?
  - From: Stef

References:
- gnome-keyring Why does -ask ship a copy of GtkEntry ?
  - From: Matthias Clasen
- Re: gnome-keyring Why does -ask ship a copy of GtkEntry ?
  - From: Stef

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]