|
Bugtraq
mailing list archives
Re: Suggestion: erase data posted to the Web
From: devnull () Rodents Montreal QC CA
Date: Fri, 9 Jul 2004 01:47:34 -0400 (EDT)
[I am so thoroughly sick of broken-bounces cluttering up my mailbox
every time I mail to bugtraq that I'm posting with a From: address that
accepts mail and completely discards it. Use the address in my
signature if you want to actually reach me.]
Of course, it's trivial to memset over a sensitive area when you're
done with it, so programs ought to do so. Locking pages to prevent
them from being written to disk may be more difficult: if it doesn't
require special privilege then it's a potential DOS against physical
memory resources, and if it does, then you may have to grant programs
more privilege than they should have, creating a worse security hole.
The only security hole you'd create would be that DOS you mention.
Unless, of course, you're using an OS with a severely broken privilege
system, like the all-or-nothing model most Unix variants use. But
nobody would be silly enough to try to write secure code under
something like that, surely?
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse () rodents montreal qc ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
 By Date 
By Thread
Current thread:
| 
Intro
