KPasswordEdit and security
Thiago Macieira
thiago at kde.org
Tue Dec 26 22:47:02 GMT 2006
Albert Astals Cid wrote:
>> I *think* it is because you can set the password data to be in a
>> locked memory page (so it won't be swapped out and written on the
>> disk) when using a char *, but you can't do that with a QString,
>> because QString controls the buffer, and there's no way for you to
>> tell it it should use "safe" memory. I haven't looked at the code,
>> though, so I don't know if this is happening or not. IMO, having a
>> password be swapped out to the disk would be an unacceptable security
>> breach.
>
> I had a look at the code and did not find any call that seems to do
> that, do you know how one does that? (locking the memory page).
It requires an mlockall(2) call, which is only possible in privileged
programs. So we'd need all programs that use KPasswordEdit to be setuid
root -- which our libraries don't allow.
So there's no page-locking security.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
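
The page-locking idea discussed in this thread, as an added example that is not part of the original message or of KDE's code: a C buffer for a password that is mapped in whole pages, pinned with mlock(2) when the process is allowed to, and wiped before release. It goes beyond the thread by using per-range mlock(2) instead of mlockall(2); on Linux an unprivileged process may lock up to RLIMIT_MEMLOCK bytes, and the `locked` flag records when the call is refused. The `secret_buf` type and the function names are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example; not a KDE or Qt API. */
typedef struct {
    char  *data;    /* page-aligned storage for the secret */
    size_t size;    /* mapping length, a multiple of the page size */
    int    locked;  /* 1 if mlock() succeeded, 0 if pages may still be swapped */
} secret_buf;

/* Map whole pages and try to pin them in RAM. Returns 0, or -1 if mmap fails. */
int secret_alloc(secret_buf *b, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->size = (want + page - 1) / page * page;
    b->data = mmap(NULL, b->size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->data == MAP_FAILED) { b->data = NULL; b->locked = 0; return -1; }
    /* mlock() is refused (ENOMEM or EPERM) once RLIMIT_MEMLOCK is exceeded. */
    b->locked = (mlock(b->data, b->size) == 0);
    return 0;
}

/* Overwrite through a volatile pointer so the compiler keeps the stores. */
void secret_wipe(secret_buf *b) {
    volatile char *p = b->data;
    for (size_t i = 0; p && i < b->size; i++) p[i] = 0;
}

/* Wipe, unlock and unmap; the struct is reset so reuse is detectable. */
void secret_free(secret_buf *b) {
    if (!b->data) return;
    secret_wipe(b);
    if (b->locked) munlock(b->data, b->size);
    munmap(b->data, b->size);
    b->data = NULL; b->size = 0; b->locked = 0;
}

int main(void) {
    secret_buf pw;
    if (secret_alloc(&pw, 64) != 0) return 1;
    strcpy(pw.data, "constructed-sample-password"); /* constructed sample value */
    printf("pages locked in RAM: %s\n", pw.locked ? "yes" : "no");
    secret_free(&pw);
    return 0;
}
```

A caller that requires swap protection should treat `locked == 0` as a failure instead of continuing silently.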
More information about the kde-core-devel mailing list