Bug#628383: libgnome-keyring: FTBFS on kfreebsd-*, test suite failure in test-secmem

Petr Salinger Petr.Salinger at seznam.cz
Fri Jun 7 10:19:40 UTC 2013


Hello Michael.

>> the test-secmem fails due to different restriction of FreeBSD kernel.
>> The FreeBSD kernel does not allow mlock()/mlockall() for ordinary user.

> What should be used on kfreebsd then to lock process memory as ordinary
> user, ie. how can this bug be fixed?

The problem with "secure memory" is that it only lowers the probability of
writing sensitive data to disk.
The rest of the process memory (including the stack) is still subject to swapping,
therefore sensitive data can still end up on the disk.
And with "suspend to disk" even "secure memory" will end up on the disk.

On the other hand, allowing an ordinary user to consume unswappable memory
can lead to DoS.

The primary usage area of mlock() is "soft realtime" systems.

Who are the users of this kind of "secure memory"?
Can they have the suid bit set?

The other solution might be to change the code to only emit a warning
for an EPERM failure of mlock()/munlock().

Currently, it is silent and returns NULL.

Petr

--- egg-secure-memory.c
+++ egg-secure-memory.c
@@ -875,14 +875,17 @@
         }

         if (mlock (pages, *sz) < 0) {
-               if (show_warning && egg_secure_warnings && errno != EPERM) {
+               if (show_warning && egg_secure_warnings) {
                         fprintf (stderr, "couldn't lock %lu bytes of memory (%s): %s\n",
                                  (unsigned long)*sz, during_tag, strerror (errno));
                         show_warning = 0;
                 }
+               if (errno != EPERM)
+               {
                 munmap (pages, *sz);
                 return NULL;
         }
+       }

         DEBUG_ALLOC ("gkr-secure-memory: new block ", *sz);
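
Review bot: the added `if (errno != EPERM)` test reads errno after the fprintf()/strerror() call above it, and those calls may overwrite the value mlock() set, so the EPERM branch can be taken or skipped wrongly. Copy errno into a local (for example `int err = errno;`) on the first line inside `if (mlock (pages, *sz) < 0)` and use that local both in the message and in the test. Separately, on EPERM the code now falls through to DEBUG_ALLOC and returns pages that are not locked, and because `show_warning = 0` is set after the first message, every later unlocked block is handed out without any notice; a comment stating that the returned block may be swappable on this path would help callers, and the new braces should follow the surrounding style (`if (...) {` on one line, closing brace aligned with its `if`).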


