Disable core dumps before we ask the user for a pass phrase.
authorThomas Roessler <roessler@does-not-exist.org>
Tue, 23 Nov 1999 19:17:31 +0000 (19:17 +0000)
committerThomas Roessler <roessler@does-not-exist.org>
Tue, 23 Nov 1999 19:17:31 +0000 (19:17 +0000)
Suggested by <Stefan.Alfredsson@kau.se>.

acconfig.h
configure.in
doc/PGP-Notes.txt
pgp.c

index 1264494d9cda0c5d0bcb0b7d00fe0a41d4fe7924..ed84a2bef1c024141c6fb08d0dcc7da4fd7368bc 100644 (file)
 /* Define to `int' if <signal.h> doesn't define.  */
 #undef sig_atomic_t
 
+/* define when your system has sys/time.h */
+#undef HAVE_SYS_TIME_H
+
+/* define when your system has sys/resource.h */
+#undef HAVE_SYS_RESOURCE_H
+
+/* define when your system has the setrlimit function */
+#undef HAVE_SETRLIMIT
index 02671df332a6cafdbac91a46c01b435211ac2ef7..9da68e9e72e79f55569590926002d78f90d85f79 100644 (file)
@@ -209,6 +209,9 @@ main ()
 AC_HEADER_STDC
 
 AC_CHECK_HEADERS(stdarg.h sys/ioctl.h sysexits.h)
+AC_CHECK_HEADERS(sys/time.h sys/resource.h)
+
+AC_CHECK_FUNCS(setrlimit)
 
 AC_TYPE_SIGNAL
 
index a5faa654e04593628e8f4dd605f92cbfa1aa2da8..bdf79429879d05fbe904e2fd4705e50004f793ed 100644 (file)
@@ -124,18 +124,6 @@ as well.
 
 
 
-Q: "Isn't there a security problem that mutt leaves the
-    passphrase in memory which will be dumped into core
-    files upon errors?"
-
-Yes, you may consider this a security problem.  To work
-around this, disable core dumps using resource limits.  On
-most systems, this will be the following instruction in
-your shell:
-
-       ulimit -c 0
-
-
 
 
 
diff --git a/pgp.c b/pgp.c
index f533b9e2000f033ee0047d0002385edf19cc3b80..94129f53ae53bc3f162a4591faa33b05f5163329 100644 (file)
--- a/pgp.c
+++ b/pgp.c
 #include <errno.h>
 #include <ctype.h>
 
+#ifdef HAVE_SYS_RESOURCE_H
+# include <sys/resource.h>
+#endif
+
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+
 #ifdef _PGPPATH
 
 
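Review bot: The new include pair pulls in <sys/resource.h> before <sys/time.h>; on some older systems (historically 4.3BSD-derived ones) <sys/resource.h> depends on struct timeval from <sys/time.h> and does not compile unless that header comes first, and the AC_CHECK_HEADERS probe added in configure.in tests each header on its own, so it would not catch that. Swapping the two blocks so that `# include <sys/time.h>` precedes `# include <sys/resource.h>` costs nothing where the order is irrelevant, and a one-line comment such as `/* sys/time.h first: some systems need struct timeval before sys/resource.h */` above the pair would keep a later cleanup from undoing it. Note also that these includes sit above the `#ifdef _PGPPATH` guard, so they are compiled in even for builds without PGP support; that is presumably harmless, but the headers are only used by the setrlimit code inside that guard.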
@@ -51,10 +59,30 @@ void pgp_void_passphrase (void)
   PgpExptime = 0;
 }
 
+# if defined(HAVE_SETRLIMIT) && (!defined(DEBUG))
+
+static void disable_coredumps (void)
+{
+  struct rlimit rl = {0, 0};
+  static short done = 0;
+
+  if (!done)
+  {
+    setrlimit (RLIMIT_CORE, &rl);
+    done = 1;
+  }
+}
+
+# endif /* HAVE_SETRLIMIT */
+
 int pgp_valid_passphrase (void)
 {
   time_t now = time (NULL);
 
+# if defined(HAVE_SETRLIMIT) && (!defined(DEBUG))
+  disable_coredumps ();
+# endif
+
   if (now < PgpExptime) return 1; /* just use the cached copy. */
   pgp_void_passphrase ();