Index: runtime/doc/options.txt =================================================================== RCS file: /cvsroot/vim/vim/runtime/doc/options.txt,v retrieving revision 1.74 diff -r1.74 options.txt 3874a3875,3897 > *'mlock'* *'nomlock'* > 'mlock' boolean (default: off) > global > Calls mlockall(MCL_CURRENT|MCL_FUTURE) to ensure that nothing > gets paged to disk. When editing sensitive data (say, /etc/shadow > or a personal letter to someone), parts of it may get "swapped out" > to virtual memory, where an adversary might be able to read it > long after you have exited vim. Setting mlock prevents any of > vim's memory pages from being swapped out. This command can only > be used by the "root" user. > > For best results, use mlock with the "-n" command-line option > to prevent .swp files from being created. For instance, to edit > an encrypted file foo.gpg using GPG (or PGP) so that its plaintext > never gets saved to disk, > > $ vim -n > :set mlock > :%! gpg -o - foo.gpg > [The decrypted contents of foo.gpg appear] > :%! gpg -o bar.gpg -c > [GPG prints: Enter passphrase: ] > Index: runtime/doc/quickref.txt =================================================================== RCS file: /cvsroot/vim/vim/runtime/doc/quickref.txt,v retrieving revision 1.56 diff -r1.56 quickref.txt 744a745 > |'mlock'| locks all memory pages (must be root) Index: src/config.h.in =================================================================== RCS file: /cvsroot/vim/vim/src/config.h.in,v retrieving revision 1.32 diff -r1.32 config.h.in 210a211 > #undef HAVE_SYS_MMAN_H 355a357,363 > > /* Define if we have mlockall() */ > #undef HAVE_MLOCKALL > > /* Define if we have munlockall() */ > #undef HAVE_MUNLOCKALL > Index: src/configure.in =================================================================== RCS file: /cvsroot/vim/vim/src/configure.in,v retrieving revision 1.74 diff -r1.74 configure.in 1606c1606 < sys/acl.h sys/access.h sys/sysctl.h sys/sysinfo.h) --- > sys/acl.h sys/access.h sys/mman.h sys/sysctl.h sys/sysinfo.h) 1966,1969c1966,1969 < memset nanosleep opendir putenv qsort readlink select setenv \ < setpgid setsid sigaltstack sigstack sigset sigsetjmp sigaction \ < sigvec strcasecmp strerror strftime stricmp strncasecmp strnicmp \ < strpbrk strtol tgetent towlower towupper usleep utime utimes) --- > memset mlockall munlockall nanosleep opendir putenv qsort readlink \ > select setenv setpgid setsid sigaltstack sigstack sigset sigsetjmp \ > sigaction sigvec strcasecmp strerror strftime stricmp strncasecmp \ > strnicmp strpbrk strtol tgetent towlower towupper usleep utime utimes) Index: src/gui.c =================================================================== RCS file: /cvsroot/vim/vim/src/gui.c,v retrieving revision 1.82 diff -r1.82 gui.c 151a152,160 > #if defined HAVE_MLOCKALL && HAVE_MUNLOCKALL > /* Children don't inherit mlock settings -JH */ > if (pid == 0) { > if(p_mlock) { > mlockall(MCL_CURRENT | MCL_FUTURE); > } > } > #endif > Index: src/if_cscope.c =================================================================== RCS file: /cvsroot/vim/vim/src/if_cscope.c,v retrieving revision 1.20 diff -r1.20 if_cscope.c 728a729,735 > #if defined HAVE_MLOCKALL && HAVE_MUNLOCKALL > /* kids don't inherit mlock settings -JH */ > if(p_mlock) { > mlockall(MCL_CURRENT | MCL_FUTURE); > } > #endif > Index: src/if_sniff.c =================================================================== RCS file: /cvsroot/vim/vim/src/if_sniff.c,v retrieving revision 1.20 diff -r1.20 if_sniff.c 727a728,734 > #if defined HAVE_MLOCKALL && HAVE_MUNLOCKALL > /* children don't inherit mlock settings -JH */ > if(p_mlock) { > mlockall(MCL_CURRENT | MCL_FUTURE); > } > #endif > Index: src/option.c =================================================================== RCS file: /cvsroot/vim/vim/src/option.c,v retrieving revision 1.107 diff -r1.107 option.c 25c25 < * - Add documentation! One line in doc/help.txt, full description in --- > * - Add documentation! One line in doc/quickref.txt, full description in 1439a1440,1446 > > #if defined HAVE_MLOCKALL && HAVE_MUNLOCKALL > {"mlock", NULL, P_BOOL|P_RSTAT, > (char_u *)&p_mlock, PV_NONE, > {(char_u *)FALSE, (char_u *)FALSE}}, > #endif > 5966a5974,5997 > > #if defined HAVE_MLOCKALL && HAVE_MUNLOCKALL > else if ((int *)varp == &p_mlock) > { > if(geteuid() != 0) { > p_mlock = FALSE; > return (char_u *) N_("Only root can lock/unlock memory pages"); > } else { > if(p_mlock) { > if(mlockall(MCL_CURRENT | MCL_FUTURE)) { > p_mlock = FALSE; > return (char_u *) N_("mlockall() failed! Pages not locked"); > } > } else { > if(munlockall()) { > p_mlock = old_value; > > return (char_u *) > N_("munlockall() failed! Pages not unlocked"); > } > } > } > } > #endif Index: src/option.h =================================================================== RCS file: /cvsroot/vim/vim/src/option.h,v retrieving revision 1.49 diff -r1.49 option.h 547a548,550 > #if defined HAVE_MLOCKALL && HAVE_MUNLOCKALL > EXTERN int p_mlock; /* 'mlock' */ > #endif Index: src/os_unix.c =================================================================== RCS file: /cvsroot/vim/vim/src/os_unix.c,v retrieving revision 1.83 diff -r1.83 os_unix.c 3096a3097,3098 > * After installing something suitable, you may need to > * "make distclean". 3388a3391,3401 > > #if defined HAVE_MLOCKALL && HAVE_MUNLOCKALL > /* This is fairly paranoid - the child inherits all the parent's > * pages, so conceivably one of the variables it changes below > * might be in a page with sensitive data, and thus get > * swapped out. -JH */ > > if(p_mlock) { > mlockall(MCL_CURRENT | MCL_FUTURE); > } > #endif Index: src/vim.h =================================================================== RCS file: /cvsroot/vim/vim/src/vim.h,v retrieving revision 1.60 diff -r1.60 vim.h 1700a1701,1704 > #ifdef HAVE_SYS_MMAN_H > #include > #endif >