[dev] [slock] prevent swapping of user's password

From: Listeria monocytogenes <listeria_AT_disroot.org>
Date: Sat, 27 Jun 2026 20:19:11 +0000

Hi,

I think it would make sense to mlock the variables dealing with the
user's input in readpw(), to ensure secrets are not written to disk
(sans hibernating).

That may include buf[32], passwd[256], ksym and ev. In which case the
easiest way to do it would be to put them all in a struct and call:

  mlock(&secrets, sizeof(secrets)) /* in linux */

Apparently according to POSIX mlock(2) may fail if addr is not a
multiple of PAGESIZE, so that would need to be handled as well:

  addr = (char *)((uintptr_t)&secrets & -sysconf(_SC_PAGESIZE));
  len = (char *)(&secrets + 1) - addr;
  mlock(addr, len);

--
Listeria
Received on Sat Jun 27 2026 - 22:19:11 CEST

This archive was generated by hypermail 2.3.0 : Sat Jun 27 2026 - 22:24:09 CEST