Add some improved logic to seahorse to have it gracefully fall back to insecure
memory usage for sensitive storage when gnome-keyring doesn't have the privileges to use mlock(2)/munlock(2). This behavior is much more useful than the ungraceful dereference of a NULL pointer (and subsequent crash of the seahorse programs) that currently is employed. This patch makes seahorse (and seahorse-agent, seahorse-daemon, etc.) warn the user about having to use secure memory so that consumers such as Evolution and other software can make use of seahorse. A larger and more valuable project would be to provide some sort of unprivileged user mlock(2) support in the base system. Some ideas are currently being discussed. Reviewed by: marcus, gnome@, imp Approved by: marcus (gnome)
This commit is contained in:
Coleman Kane
parent
270ad6b9a3
commit
ce20a88849
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=211196
3 changed files with 54 additions and 0 deletions
|
|
@ -8,6 +8,7 @@
|
||||||
|
|
||||||
PORTNAME= seahorse
|
PORTNAME= seahorse
|
||||||
PORTVERSION= 2.22.1
|
PORTVERSION= 2.22.1
|
||||||
|
PORTREVISION= 1
|
||||||
CATEGORIES= security gnome
|
CATEGORIES= security gnome
|
||||||
MASTER_SITES= GNOME
|
MASTER_SITES= GNOME
|
||||||
DIST_SUBDIR= gnome2
|
DIST_SUBDIR= gnome2
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,42 @@
|
||||||
|
--- libseahorse/seahorse-secure-memory.c.orig 2008-04-12 12:09:58.000000000 -0400
|
||||||
|
+++ libseahorse/seahorse-secure-memory.c 2008-04-12 12:10:05.000000000 -0400
|
||||||
|
@@ -97,13 +97,31 @@
|
||||||
|
void
|
||||||
|
seahorse_secure_memory_init ()
|
||||||
|
{
|
||||||
|
- GMemVTable vtable;
|
||||||
|
-
|
||||||
|
- memset (&vtable, 0, sizeof (vtable));
|
||||||
|
- vtable.malloc = switch_malloc;
|
||||||
|
- vtable.realloc = switch_realloc;
|
||||||
|
- vtable.free = switch_free;
|
||||||
|
- vtable.calloc = switch_calloc;
|
||||||
|
- g_mem_set_vtable (&vtable);
|
||||||
|
+ if (seahorse_try_gk_secure_memory() == TRUE) {
|
||||||
|
+ GMemVTable vtable;
|
||||||
|
+
|
||||||
|
+ memset (&vtable, 0, sizeof (vtable));
|
||||||
|
+ vtable.malloc = switch_malloc;
|
||||||
|
+ vtable.realloc = switch_realloc;
|
||||||
|
+ vtable.free = switch_free;
|
||||||
|
+ vtable.calloc = switch_calloc;
|
||||||
|
+ g_mem_set_vtable (&vtable);
|
||||||
|
+ } else {
|
||||||
|
+ g_warning ("Unable to allocate secure memory from gnome-keyring.\n");
|
||||||
|
+ g_warning ("Proceeding with insecure password memory instead.\n");
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
+gboolean
|
||||||
|
+seahorse_try_gk_secure_memory ()
|
||||||
|
+{
|
||||||
|
+ gpointer p;
|
||||||
|
+
|
||||||
|
+ p = gnome_keyring_memory_try_alloc (10);
|
||||||
|
+ if (p != NULL) {
|
||||||
|
+ gnome_keyring_memory_free (p);
|
||||||
|
+ return TRUE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return FALSE;
|
||||||
|
+}
|
||||||
|
|
@ -0,0 +1,11 @@
|
||||||
|
--- libseahorse/seahorse-secure-memory.h.orig 2008-04-11 09:33:34.000000000 -0400
|
||||||
|
+++ libseahorse/seahorse-secure-memory.h 2008-04-11 09:34:12.000000000 -0400
|
||||||
|
@@ -34,6 +34,7 @@
|
||||||
|
} while (0)
|
||||||
|
|
||||||
|
/* This must be called before any glib/gtk/gnome functions */
|
||||||
|
-void seahorse_secure_memory_init (void);
|
||||||
|
+void seahorse_secure_memory_init (void);
|
||||||
|
+gboolean seahorse_try_gk_secure_memory (void);
|
||||||
|
|
||||||
|
#endif /* _SEAHORSE_SECURE_MEMORY_H_ */
|
||||||
Loading…
Reference in a new issue