Date: Mon, 30 Mar 2009 10:44:02 -0500 From: Brooks Davis <brooks@FreeBSD.org> To: user@vk2pj.dyndns.org Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org, Xin LI <delphij@FreeBSD.org> Subject: Re: svn commit: r190482 - in head/lib/libc/db: . btree hash mpool Message-ID: <20090330154402.GB94338@lor.one-eyed-alien.net> In-Reply-To: <20090330101850.GB31695@server.vk2pj.dyndns.org> References: <200903280400.n2S40kW1083700@svn.freebsd.org> <20090330101850.GB31695@server.vk2pj.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--p4qYPpj5QlsIQJ0K Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 30, 2009 at 09:18:50PM +1100, user@vk2pj.dyndns.org wrote: > Hi Xin, >=20 > On 2009-Mar-28 04:00:46 +0000, Xin LI <delphij@freebsd.org> wrote: > >Log: > > When allocating memory, zero out them if we don't intend to overwrite = them > > all; before freeing memory, zero out them before we release it as free > > heap. This will eliminate some potential information leak issue. >=20 > Given that db runs with the same privileges as the process using it, I > don't see how zeroing memory eliminates any information leak - the > process can directly open and read the underlying db file itself. > Zeroing on allocation may fix any potential issue with uninitialised > structures and prevent the return of garbage in "holes" but that's not > an information leak. Consider /etc/pwd.db. It's world readable, but written by a program that also wrote /etc/spwd.db which definitely is not. -- Brooks --p4qYPpj5QlsIQJ0K Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iD8DBQFJ0OjBXY6L6fI4GtQRAvESAJ99iSa/Int9pUI2qDadRu07tXSsQQCgwR7p ODjNiyr9ZQ1twawRPNNyC+k= =RDbA -----END PGP SIGNATURE----- --p4qYPpj5QlsIQJ0K--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090330154402.GB94338>