'Re: KPasswordEdit patch (was Re: new widgets...)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: KPasswordEdit patch (was Re: new widgets...)
From:       Ryan Cumming <ryan () completely ! kicks-ass ! org>
Date:       2002-09-27 9:44:52
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On September 27, 2002 02:39, Thomas Zander wrote:
> As a sidenote; not all implementations of malloc zero-fill the memory
> before returning it; therefor _any_ user can grab all memory which is free
> in the system and search for passwords, even of passwords of other users.
Linux (and any other -sane- kernel) zeroes pages allocated by user space. So 
even if your malloc(3) implementation isn't zeroing memory, sbrk(2) and 
mmap(2) sure are.

- -Ryan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9lCiZLGMzRzbJfbQRAr/4AJ0eVVE+mgCT0msesp0SnHW9FwSBhgCfSFDf
JuRy4dhOiCUn3Xr6e1oyO+4=
=t6ZM
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic