authorcokane <cokane@FreeBSD.org>2008-04-14 07:21:20 +0800
committercokane <cokane@FreeBSD.org>2008-04-14 07:21:20 +0800
commitb710864a5fbbad0228380293fbc9a45cb1f07880 (patch)
tree4631fbdfbca8496b965d59e0e9d8c416a5b941ed /security/seahorse
parent478123649bc974e8ab1c3fda29f8b41a8d7a74fb (diff)
Add some improved logic to seahorse to have it gracefully fall back to insecure
memory usage for sensitive storage when gnome-keyring doesn't have the privileges to use mlock(2)/munlock(2). This behavior is much more useful than the ungraceful dereference of a NULL pointer (and subsequent crash of the seahorse programs) that currently is employed. This patch makes seahorse (and seahorse-agent, seahorse-daemon, etc.) warn the user about having to use secure memory so that consumers such as Evolution and other software can make use of seahorse. A larger and more valuable project would be to provide some sort of unprivileged user mlock(2) support in the base system. Some ideas are currently being discussed. Reviewed by: marcus, gnome@, imp Approved by: marcus (gnome)
Diffstat (limited to 'security/seahorse')
-rw-r--r--security/seahorse/Makefile1
-rw-r--r--security/seahorse/files/patch-libseahorse_seahorse-secure-memory.c42
-rw-r--r--security/seahorse/files/patch-libseahorse_seahorse-secure-memory.h11
3 files changed, 54 insertions, 0 deletions
diff --git a/security/seahorse/Makefile b/security/seahorse/Makefile
index b0d67bca6f3b..6c5aaaae2811 100644
--- a/security/seahorse/Makefile
+++ b/security/seahorse/Makefile
@@ -8,6 +8,7 @@
PORTNAME= seahorse
PORTVERSION= 2.22.1
+PORTREVISION= 1
CATEGORIES= security gnome
MASTER_SITES= GNOME
DIST_SUBDIR= gnome2
diff --git a/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.c b/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.c
new file mode 100644
index 000000000000..4a6300bd26b9
--- /dev/null
+++ b/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.c
@@ -0,0 +1,42 @@
+--- libseahorse/seahorse-secure-memory.c.orig 2008-04-12 12:09:58.000000000 -0400
++++ libseahorse/seahorse-secure-memory.c 2008-04-12 12:10:05.000000000 -0400
+@@ -97,13 +97,31 @@
+ void
+ seahorse_secure_memory_init ()
+ {
+- GMemVTable vtable;
+-
+- memset (&vtable, 0, sizeof (vtable));
+- vtable.malloc = switch_malloc;
+- vtable.realloc = switch_realloc;
+- vtable.free = switch_free;
+- vtable.calloc = switch_calloc;
+- g_mem_set_vtable (&vtable);
++ if (seahorse_try_gk_secure_memory() == TRUE) {
++ GMemVTable vtable;
++
++ memset (&vtable, 0, sizeof (vtable));
++ vtable.malloc = switch_malloc;
++ vtable.realloc = switch_realloc;
++ vtable.free = switch_free;
++ vtable.calloc = switch_calloc;
++ g_mem_set_vtable (&vtable);
++ } else {
++ g_warning ("Unable to allocate secure memory from gnome-keyring.\n");
++ g_warning ("Proceeding with insecure password memory instead.\n");
++ }
+ }
+
++gboolean
++seahorse_try_gk_secure_memory ()
++{
++ gpointer p;
++
++ p = gnome_keyring_memory_try_alloc (10);
++ if (p != NULL) {
++ gnome_keyring_memory_free (p);
++ return TRUE;
++ }
++
++ return FALSE;
++}
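Review bot: The `else` branch of `seahorse_secure_memory_init` fails open: when the probe fails, passphrases are kept in ordinary pageable heap and the only signal is two `g_warning` lines, which a user starting seahorse-agent from a desktop session is unlikely to see. Record the outcome where callers can query it, for example a file-scope `static gboolean secure_memory_available;` set in both branches, so the UI can surface the downgrade or a policy can refuse to cache passphrases. The probe is a single 10-byte `gnome_keyring_memory_try_alloc` at startup, so it presumably says nothing about later or larger requests; the `switch_*` allocators are outside this hunk and should be checked for how they handle a NULL return from the keyring allocator. Minor: `== TRUE` is redundant on a `gboolean`, and `g_warning` appends its own newline, so the trailing `\n` in both messages can be dropped.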
diff --git a/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.h b/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.h
new file mode 100644
index 000000000000..354b563ac779
--- /dev/null
+++ b/security/seahorse/files/patch-libseahorse_seahorse-secure-memory.h
@@ -0,0 +1,11 @@
+--- libseahorse/seahorse-secure-memory.h.orig 2008-04-11 09:33:34.000000000 -0400
++++ libseahorse/seahorse-secure-memory.h 2008-04-11 09:34:12.000000000 -0400
+@@ -34,6 +34,7 @@
+ } while (0)
+
+ /* This must be called before any glib/gtk/gnome functions */
+-void seahorse_secure_memory_init (void);
++void seahorse_secure_memory_init (void);
++gboolean seahorse_try_gk_secure_memory (void);
+
+ #endif /* _SEAHORSE_SECURE_MEMORY_H_ */
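Review bot: The existing comment above these prototypes says the init call must run before any glib/gtk/gnome function, but the patched init now calls `gnome_keyring_memory_try_alloc` before `g_mem_set_vtable`. If that allocator touches GLib allocation internally (not visible on this page), the vtable would be installed too late, so this ordering should be confirmed and noted in the comment. The new prototype also has no comment of its own; something like `/* Returns TRUE if a small probe allocation from gnome-keyring secure memory succeeds */` would state the contract. If nothing outside seahorse-secure-memory.c calls `seahorse_try_gk_secure_memory`, declaring it `static` in the .c file would avoid widening the public header, and the `seahorse_secure_memory_init` line removed and re-added here appears to differ only in whitespace.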