[I am so thoroughly sick of broken-bounces cluttering up my mailbox
every time I mail to bugtraq that I'm posting with a From: address that
accepts mail and completely discards it. Use the address in my
signature if you want to actually reach me.]
> Of course, it's trivial to memset over a sensitive area when you're
> done with it, so programs ought to do so. Locking pages to prevent
> them from being written to disk may be more difficult: if it doesn't
> require special privilege then it's a potential DOS against physical
> memory resources, and if it does, then you may have to grant programs
> more privilege than they should have, creating a worse security hole.
The only security hole you'd create would be that DOS you mention.
Unless, of course, you're using an OS with a severely broken privilege
system, like the all-or-nothing model most Unix variants use. But
nobody would be silly enough to try to write secure code under
something like that, surely?
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse (at) rodents.montreal.qc (dot) ca [email concealed]
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
every time I mail to bugtraq that I'm posting with a From: address that
accepts mail and completely discards it. Use the address in my
signature if you want to actually reach me.]
> Of course, it's trivial to memset over a sensitive area when you're
> done with it, so programs ought to do so. Locking pages to prevent
> them from being written to disk may be more difficult: if it doesn't
> require special privilege then it's a potential DOS against physical
> memory resources, and if it does, then you may have to grant programs
> more privilege than they should have, creating a worse security hole.
The only security hole you'd create would be that DOS you mention.
Unless, of course, you're using an OS with a severely broken privilege
system, like the all-or-nothing model most Unix variants use. But
nobody would be silly enough to try to write secure code under
something like that, surely?
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse (at) rodents.montreal.qc (dot) ca [email concealed]
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
[ reply ]