Re: [Haskell-cafe] Re: A suggestion for the next high profile Haskell project

On Dec 18, 2006, at 18:26 , ls-haskell-developer-2006@m-e-leypold.de wrote:

Tomasz Zielonka writes:

...

On Mon, Dec 18, 2006 at 11:57:59PM +0100, ls-haskell- developer-2006@m-e-leypold.de wrote:

...

... but I wonder: GPG, AFAIK undertakes some special measures to ensure that neither clear text nor private keys are paged out to the disk (since it might be recovered from there by "the enemy"). How would you lock data in memory in Haskell? Would that be possible?

It seems to me that all participants in this thread have missed this point so far.

You could just mlock() everything allocated by the RTS...

Brute force. :-) Certainly the most simple way to do it. But is that option already here (say in ghc), or would one have to patch the runtime for that?

Note also that this requires setuid root (yes, in gpg as well) --- so you are trading one known security issue for an unknown number of others. -- brandon s. allbery [linux,solaris,freebsd,perl] allbery@kf8nh.com system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu electrical and computer engineering, carnegie mellon university KF8NH