[dev] [slock] prevent swapping of user's password
0 views
Skip to first unread message
Listeria monocytogenes
Jun 27, 2026, 4:20:00 PM (22 hours ago) Jun 27
to d...@suckless.org
Hi,
I think it would make sense to mlock the variables dealing with the
user's input in readpw(), to ensure secrets are not written to disk
(sans hibernating).
That may include buf[32], passwd[256], ksym and ev. In which case the
easiest way to do it would be to put them all in a struct and call:
mlock(&secrets, sizeof(secrets)) /* in linux */
Apparently according to POSIX mlock(2) may fail if addr is not a
multiple of PAGESIZE, so that would need to be handled as well:
addr = (char *)((uintptr_t)&secrets & -sysconf(_SC_PAGESIZE));
len = (char *)(&secrets + 1) - addr;
mlock(addr, len);
--
Listeria
I think it would make sense to mlock the variables dealing with the
user's input in readpw(), to ensure secrets are not written to disk
(sans hibernating).
That may include buf[32], passwd[256], ksym and ev. In which case the
easiest way to do it would be to put them all in a struct and call:
mlock(&secrets, sizeof(secrets)) /* in linux */
Apparently according to POSIX mlock(2) may fail if addr is not a
multiple of PAGESIZE, so that would need to be handled as well:
addr = (char *)((uintptr_t)&secrets & -sysconf(_SC_PAGESIZE));
len = (char *)(&secrets + 1) - addr;
mlock(addr, len);
--
Listeria
Hiltjo Posthuma
3:54 AM (10 hours ago) 3:54 AM
to dev mail list
Maybe this could be done at another level? By encrypting swap (done on OpenBSD
by default) or configure hibernation securily on your system. This affects
other (possibly more sensitive applications) as well.
Hope this helps,
--
Kind regards,
Hiltjo
Reply all
Reply to author
Forward
0 new messages