i3 / i3lock

improved screen locker

Home Page: https://i3wm.org/i3lock


Use memfd_secret for storing password buffer where available

stapelberg opened this issue · comments

See https://lwn.net/Articles/865256/ for background. This will only become available with the upcoming Linux 5.14 release.

There hasn’t been a new release of the linux manpages since 5.13, but you can view the current memfd_secret manpage like so:

curl https://raw.githubusercontent.com/mkerrisk/man-pages/master/man2/memfd_secret.2 | man /dev/stdin

I tried calling memfd_secret on my Linux 5.17 system like so:

--- i/i3lock.c
+++ w/i3lock.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <pwd.h>
+#include <sys/syscall.h>
 #include <sys/types.h>
 #include <string.h>
 #include <unistd.h>
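
Review bot: the new `#include <sys/syscall.h>` is unconditional, while the only use of it in this patch (`syscall(SYS_memfd_secret, 0)`) sits inside `#if defined(__linux__)`. Put the include under the same guard so the non-Linux build does not depend on a header it never uses.
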
@@ -67,7 +68,7 @@ static bool pam_cleanup;
 #endif
 int input_position = 0;
 /* Holds the password you enter (in UTF-8). */
-static char password[512];
+static char *password = NULL;
 static bool beep = false;
 bool debug_mode = false;
 bool unlock_indicator = true;
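
Review bot: turning `password` from `char password[512]` into `char *password = NULL` changes what `sizeof(password)` means (pointer size instead of 512), so every use of it in the parts of the file not shown here needs checking. A named size constant, shared with the `malloc(512)` added further down, would keep the length in one place and make the bounds checks independent of the storage type.
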
@@ -1085,6 +1086,19 @@ int main(int argc, char *argv[]) {
         errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
 #endif
 
+#if defined(__linux__)
+    int secret_fd = syscall(SYS_memfd_secret, 0);
+    if (secret_fd == -1)
+      err(EXIT_FAILURE, "memfd_secret");
+    printf("secret_fd = %d\n", secret_fd);
+    exit(1);
+#else
+    password = malloc(512);
+    if (password == NULL) {
+      err(EXIT_FAILURE, "malloc");
+    }
+#endif
+
 /* Using mlock() as non-super-user seems only possible in Linux.
  * Users of other operating systems should use encrypted swap/no swap
  * (or remove the ifdef and run i3lock as super-user).
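
Review bot: in the `__linux__` branch `password` is never assigned: the descriptor from `syscall(SYS_memfd_secret, 0)` is only printed and followed by an unconditional `exit(1)`, so this branch still needs an `ftruncate()` and `mmap()` of `secret_fd` to produce the buffer. The `err(EXIT_FAILURE, "memfd_secret")` on failure also makes the syscall a hard requirement; falling through to the `malloc(512)` path when the call fails would keep the locker usable on kernels where it is unavailable. The use of `SYS_memfd_secret` should additionally be guarded with `#ifdef SYS_memfd_secret`, since kernel headers older than 5.14 do not define it.
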

…but had to discover that memfd_secret returns -ENOSYS on my machine.

This seems to be because it needs to be explicitly enabled by passing the secretmem_enable= option on the kernel command line.

Given that it’s not enabled by default, I don’t think there is much sense in trying to use it. Vanishingly few systems will have it available. We can revisit if/when Linux enables this by default.
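
Added example (not part of the issue and not i3lock's code): one way the allocation could probe for memfd_secret and fall back to a locked heap buffer when the syscall fails, for instance with the ENOSYS described above. The names `alloc_password_buffer`, `free_password_buffer` and `PASSWORD_BUF_SIZE` are hypothetical.

```c
#define _GNU_SOURCE
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
#define PASSWORD_BUF_SIZE 512 /* size of the password buffer in the patch */

/* Hypothetical helper: returns a zeroed buffer of `size` bytes, or NULL.
 * *is_secret is set when the buffer is backed by memfd_secret. */
static char *alloc_password_buffer(size_t size, bool *is_secret) {
    *is_secret = false;
#if defined(__linux__) && defined(SYS_memfd_secret)
    int fd = (int)syscall(SYS_memfd_secret, 0);
    if (fd != -1) {
        void *p = MAP_FAILED;
        if (ftruncate(fd, (off_t)size) == 0)
            p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        close(fd); /* the mapping stays valid after the fd is closed */
        if (p != MAP_FAILED) {
            *is_secret = true;
            return p;
        }
    }
    /* ENOSYS (secretmem not enabled) or any other failure: fall back. */
#endif
    char *buf = calloc(1, size);
    if (buf != NULL)
        (void)mlock(buf, size); /* best effort: keep the buffer out of swap */
    return buf;
}

/* Wipe and release a buffer obtained from alloc_password_buffer(). */
static void free_password_buffer(char *buf, size_t size, bool is_secret) {
    volatile char *v = buf; /* volatile so the wipe is not optimized away */
    for (size_t i = 0; i < size; i++) v[i] = 0;
    if (is_secret)
        munmap(buf, size);
    else { munlock(buf, size); free(buf); }
}

int main(void) {
    bool is_secret;
    char *password = alloc_password_buffer(PASSWORD_BUF_SIZE, &is_secret);
    if (password == NULL) return EXIT_FAILURE;
    printf("backed by %s\n", is_secret ? "memfd_secret" : "malloc + mlock");
    free_password_buffer(password, PASSWORD_BUF_SIZE, is_secret);
    return EXIT_SUCCESS;
}
```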