
List:       linux-keyrings
Subject:    Re: [PATCH] keyctl: try to wipe keys from memory after use
From:       David Howells <dhowells () redhat ! com>
Date:       2019-10-31 13:23:24
Message-ID: 23324.1572528204 () warthog ! procyon ! org ! uk

Maciej S. Szmigiero <mail@maciej.szmigiero.name> wrote:

> The key being added or updated likely contains secrets so it would be best
> not to leave it in memory or in a core dump when no longer needed.
> 
> Glibc 2.25+ provides the explicit_bzero() function that can be used for
> this purpose, let's utilize it if it is present.
> 
> Tested by redefining exit(n) to abort() and inspecting the resulting core
> file for key data.
> 
> Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>

Applied.
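
The wipe-after-use pattern described in the quoted commit message, as an added example that is not code from this mail or from the applied patch. The helper names (wipe_secret, count_nonzero, use_and_wipe_key), the __GLIBC_PREREQ feature check and the volatile-store fallback are assumptions of this example.

```c
#define _DEFAULT_SOURCE   /* exposes explicit_bzero() in <string.h> on glibc */
#include <stdio.h>
#include <string.h>

/* Compile-time detection by glibc version (assumption of this example). */
#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
# if __GLIBC_PREREQ(2, 25)
#  define HAVE_EXPLICIT_BZERO 1
# endif
#endif

/* Zero n bytes at p so that the compiler cannot drop it as a dead store. */
static void wipe_secret(void *p, size_t n)
{
#ifdef HAVE_EXPLICIT_BZERO
    explicit_bzero(p, n);
#else
    volatile unsigned char *b = p;   /* fallback: volatile stores are kept */
    while (n--)
        *b++ = 0;
#endif
}

/* Count the bytes that are still non-zero, to check a wipe. */
static size_t count_nonzero(const unsigned char *p, size_t n)
{
    size_t left = 0;
    for (size_t i = 0; i < n; i++)
        left += (p[i] != 0);
    return left;
}

/* Stand-in for "add the key, then forget it"; returns non-zero bytes left. */
static size_t use_and_wipe_key(unsigned char *buf, size_t cap, const char *payload)
{
    size_t len = strlen(payload);
    if (len > cap)
        len = cap;
    memcpy(buf, payload, len);   /* the key would be handed to the kernel here */
    wipe_secret(buf, cap);       /* wipe the whole buffer, not only len bytes */
    return count_nonzero(buf, cap);
}

int main(void)
{
    unsigned char buf[64];
    size_t left = use_and_wipe_key(buf, sizeof(buf), "constructed-sample-key");
    printf("non-zero bytes after wipe: %zu\n", left);
    return left != 0;
}
```

A plain memset() just before exit() or free() is a dead store that an optimizing compiler may remove, which is why the wipe goes through explicit_bzero() or volatile stores.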
