List: linux-keyrings
Subject: Re: [PATCH] keyctl: try to wipe keys from memory after use
From: David Howells <dhowells () redhat ! com>
Date: 2019-10-31 13:23:24
Message-ID: 23324.1572528204 () warthog ! procyon ! org ! uk
Maciej S. Szmigiero <mail@maciej.szmigiero.name> wrote:
> The key being added or updated likely contains secrets so it would be best
> not to leave it in memory or in a core dump when no longer needed.
>
> Glibc 2.25+ provides the explicit_bzero() function that can be used for
> this purpose, let's utilize it if it is present.
>
> Tested by redefining exit(n) to abort() and inspecting the resulting core
> file for key data.
>
> Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Applied.
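
As an added example (not code from the patch or from keyutils), this is the wipe-before-release pattern the commit message describes, with a fallback for C libraries that lack explicit_bzero(). The HAVE_EXPLICIT_BZERO macro, the wipe() and use_and_wipe() helpers and the sample key string are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Assumption: availability is derived from the glibc version here; a real
 * build would use a configure-time probe. HAVE_EXPLICIT_BZERO is hypothetical. */
#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))
#define HAVE_EXPLICIT_BZERO 1
void explicit_bzero(void *s, size_t n); /* redeclared in case a strict -std hides it */
#endif

/* Zero a buffer in a way the optimizer may not discard as a dead store. */
static void wipe(void *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return;
#ifdef HAVE_EXPLICIT_BZERO
    explicit_bzero(buf, len);
#else
    /* Fallback: calling memset through a volatile pointer keeps the store. */
    static void *(*const volatile memset_v)(void *, int, size_t) = memset;
    memset_v(buf, 0, len);
#endif
}

/* Copy a secret into a heap buffer, consume it, then wipe it before free().
 * Returns 1 if the buffer read back as zero, 0 if not, -1 on allocation failure. */
static int use_and_wipe(const char *secret, unsigned *sum_out)
{
    size_t len = strlen(secret);
    unsigned char *key = malloc(len + 1);
    if (key == NULL)
        return -1;
    memcpy(key, secret, len + 1);
    unsigned sum = 0, left = 0;   /* sum: constructed stand-in for using the key */
    for (size_t i = 0; i < len; i++)
        sum += key[i];
    wipe(key, len + 1);           /* must happen before free(), never after */
    for (size_t i = 0; i < len + 1; i++)
        left |= key[i];
    free(key);
    *sum_out = sum;
    return left == 0;
}

int main(void)
{
    unsigned sum;                 /* the key string below is constructed sample input */
    return use_and_wipe("constructed-sample-key", &sum) == 1 ? 0 : 1;
}
```

A plain memset() immediately before free() or exit() is a dead store the compiler is allowed to drop, which is why the wipe goes through explicit_bzero() or the volatile pointer.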