From owner-freebsd-hackers Tue Oct 22 10:48:14 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA19173 for hackers-outgoing; Tue, 22 Oct 1996 10:48:14 -0700 (PDT) Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA19168 for ; Tue, 22 Oct 1996 10:48:12 -0700 (PDT) Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id KAA08215; Tue, 22 Oct 1996 10:43:47 -0700 From: Terry Lambert Message-Id: <199610221743.KAA08215@phaeton.artisoft.com> Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c To: p.richards@elsevier.co.uk (Paul Richards) Date: Tue, 22 Oct 1996 10:43:47 -0700 (MST) Cc: marcs@znep.com, thorpej@nas.nasa.gov, freebsd-hackers@freebsd.org In-Reply-To: <57loczl1x3.fsf@tees.elsevier.co.uk> from "Paul Richards" at Oct 22, 96 11:38:00 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Not all programs that hold sensitive data need necessarily be run > setuid so the above is not that secure. Arbitrarily clearing memory is > not a great solution as people have already pointed out, besides, > what's stopping me getting access to that memory while the program is > running before the memory is freed, say by attaching a debugger. I consider my netnews state information "sensitive". Examining it could result in you gaining demographic information about me which I would prefer you not have. This whole discussion is edging on the ridiculous. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.