oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: announcing libwipe

From: Andrew Clausen <clausen () econ upenn edu>
Date: Mon, 14 Mar 2011 03:56:06 -0400
Hi Pierre,

Thanks for your kind email.

My (limited) understanding of GPL3 is that something like LD_PRELOAD
usage would be more or less unrestricted.

On the other hand, I guess this is an unclear legal issue, and
releasing under the LGPL would be adequate for my goal of requiring
improvements to the library to be free.  How does this sound?

Cheers,
Andrew

On 13 March 2011 19:13, Pierre Joye <pierre.php () gmail com> wrote:

hi,

I like this idea, and could be very useful especially in massive
shared environment (as in lot of users sharing a server, like web
servers for example).

My only concern right now is the choice of the gplv3, which is a no go
for many projects, especially for a library. Any chance to release it
under a more permissive or non viral license like bsd or MIT?

ps: that's not a license FUD, only a question (before I got shot :).

Cheers,

On Sat, Mar 12, 2011 at 7:29 AM, Andrew Clausen <clausen () econ upenn edu> wrote:

Hi all,

I have written a program called "libwipe" for GNU/Linux to wipe memory
as soon as it is not being used.  I am releasing it under the GPL3
licence, and you can download it here:

http://www.econ.upenn.edu/~clausen/computing/libwipe.tar.gz

Any suggestions are appreciated.  In particular, I would like feedback on
* which memory mappings should be erased on exit
* which project this could be included in (secure-delete?)

OVERVIEW

This library is designed to make programs respect users' privacy by wiping
information when it is no longer needed.  It does not require any modifications
to the original programs.  To use it for all programs in a single shell
session, set the LD_PRELOAD environment variable with the shell command

       export LD_PRELOAD=/usr/local/lib/libwipe.so

To use it system-wide, add /usr/local/lib/libwipe.so to the /etc/ld.so.preload
configure file.

The program uses two mechanisms:
(1) when memory is deallocated with free(3), it is zeroed out.
(2) when the process terminates, the entire memory is zeroed out.

Cheers,
Andrew





--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Previous By Date Next
Previous By Thread Next

Current thread: