From: Xin LI
Organization: The FreeBSD Project
Date: Mon, 30 Mar 2009 09:13:53 -0700
To: user@vk2pj.dyndns.org
Cc: svn-src-head@FreeBSD.ORG, svn-src-all@FreeBSD.ORG, src-committers@FreeBSD.ORG, Xin LI
Subject: Re: svn commit: r190482 - in head/lib/libc/db: . btree hash mpool
Message-ID: <49D0EFC1.7030706@delphij.net>
In-Reply-To: <20090330101850.GB31695@server.vk2pj.dyndns.org>

user@vk2pj.dyndns.org wrote:
[...]
> Given that db runs with the same privileges as the process using it, I
> don't see how zeroing memory eliminates any information leak - the
> process can directly open and read the underlying db file itself.
> Zeroing on allocation may fix any potential issue with uninitialised
> structures and prevent the return of garbage in "holes" but that's not
> an information leak.

The process that can read sensitive information _could_ sometimes write
something that can be read by a non-privileged process. It's known in
kern/123529 where spwd.db contents could be leaked into aliases.db, for
instance.

Cheers,
-- 
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!
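
Added example, not part of the original message and not libc db code: a deterministic model of the leak path described in the reply, where a buffer that held a secret record is reused for a page of a world-readable file and the unused "hole" is written out with it. The recycled pool, page size, offsets, record contents and function names are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE  256   /* assumed page size for this demo */
#define SECRET_OFF 64    /* where the earlier record happened to sit */

/* Constructed sample data, not real database contents. */
static const char SECRET[] = "root:$1$CONSTRUCTED$hash:0:0";
static const char PUBLIC_REC[] = "postmaster: root";

/* One recycled buffer stands in for heap memory that is freed and then
 * returned by the next same-sized allocation (deterministic stand-in). */
static unsigned char pool[PAGE_SIZE];

static unsigned char *pool_alloc(int zero) {
    if (zero)
        memset(pool, 0, PAGE_SIZE);   /* zero on allocation */
    return pool;                      /* otherwise old bytes remain */
}

/* The privileged process first handles a secret record, then builds a
 * page for a world-readable file and writes the whole page out. */
static size_t write_public_page(int zero, unsigned char *disk) {
    unsigned char *buf = pool_alloc(0);
    unsigned char *page;
    memcpy(buf + SECRET_OFF, SECRET, strlen(SECRET)); /* secret in memory */
    page = pool_alloc(zero);                          /* buffer is reused */
    memcpy(page, PUBLIC_REC, strlen(PUBLIC_REC));     /* fill used part */
    memcpy(disk, page, PAGE_SIZE);                    /* hole written too */
    return strlen(PUBLIC_REC);                        /* bytes really used */
}

/* Count non-zero bytes in the unused tail ("hole") of an on-disk page. */
static size_t hole_residue(const unsigned char *disk, size_t used) {
    size_t i, n = 0;
    for (i = used; i < PAGE_SIZE; i++)
        n += disk[i] != 0;
    return n;
}

int main(void) {
    unsigned char disk[PAGE_SIZE];
    size_t used = write_public_page(0, disk);
    printf("no zeroing: %zu stale bytes\n", hole_residue(disk, used));
    used = write_public_page(1, disk);
    printf("zeroing:    %zu stale bytes\n", hole_residue(disk, used));
    return 0;
}
```

The writer never needed to read the public file for the leak to occur; the secret reaches disk only because the whole page, hole included, is written.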