[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Automating pam_keyring...



On 20/07/07, Jonathan Underwood <jonathan underwood gmail com> wrote:
On 20/07/07, Bill Nottingham <notting redhat com> wrote:
> Jonathan Underwood (jonathan underwood gmail com) said:
> > Warning: Your system is not configured to cache passphrases in secure
> > memory.
> >
> > I suspect this is about keys being stored in memory that can be
> > swapped out - I am not sure we have the infrastructure in place to do
> > anything about that yet, though?
>
> Well, it's just using mlock(). Why is it getting that error, though - is
> it trying to allocate more than the current default?
>

Am not sure how I would tell? I am seeing that message even though no
PGP keys are cached, only an ssh one is. I am not sure if ssh-agent
keeps keys in mlock'ed memory or not.


Yes, as I suspected looking at /proc/pid/status of the ssh-agent, I see:

VmLck:         0 kB

and so ssh-agent isn't using mlock'd memory, which is probably what
seahorse is grumbling about.

[As an aside, I wonder if that constitutes a security hole in ssh-agent].

J.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]