GnuPG 1.0.4 and HP-UX 10.20 (mlock vs. plock)

[gnupg-devel at thewrittenword.com]

On Wed, Mar 07, 2001 at 11:39:45AM -0600, David Hayes wrote:
> On Wed, Mar 07, 2001 at 10:12:10AM -0600, gnupg-devel at thewrittenword.com wrote:
> > Yes, locking the entire *data* segment is overkill but it's better
> > than nothing. What do you all think?
> 
> I think that keeping sensitive information from leaking to disk is more
> important than the fact that we'll consume a bit more physical RAM.  Go
> for it.

Patch attached. plock() is called only if mlock is detected as being
broken.

-- 
albert chin (china at thewrittenword.com)

-- snip snip
--- acinclude.m4.orig	Mon Mar  5 15:41:08 2001
+++ acinclude.m4	Wed Mar  7 10:17:29 2001
@@ -417,6 +417,7 @@
          if test "$gnupg_cv_have_broken_mlock" = "yes"; then
              AC_DEFINE(HAVE_BROKEN_MLOCK)
              AC_MSG_RESULT(yes)
+             AC_CHECK_FUNCS(plock)
          else
             if test "$gnupg_cv_have_broken_mlock" = "no"; then
                 AC_MSG_RESULT(no)
--- util/secmem.c.orig	Wed Mar  7 10:18:56 2001
+++ util/secmem.c	Wed Mar  7 10:21:22 2001
@@ -32,6 +32,9 @@
   #ifdef USE_CAPABILITIES
     #include <sys/capability.h>
   #endif
+  #ifdef HAVE_PLOCK
+    #include <sys/lock.h>
+  #endif
 #endif
 
 #include "types.h"
@@ -115,6 +118,13 @@
     uid = getuid();
 
   #ifdef HAVE_BROKEN_MLOCK
+    /* ick. but at least we get secured memory. about to lock
+       entire data segment. */
+  #ifdef HAVE_PLOCK
+    err = plock( DATLOCK );
+    if( err && errno )
+        err = errno;
+  #else
     if( uid ) {
 	errno = EPERM;
 	err = errno;
@@ -124,6 +134,7 @@
 	if( err && errno )
 	    err = errno;
     }
+  #endif
   #else
     err = mlock( p, n );
     if( err && errno )