From owner-freebsd-hackers Tue Oct 22 12:40:07 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA25681 for hackers-outgoing; Tue, 22 Oct 1996 12:40:07 -0700 (PDT) Received: from critter.tfs.com (disn5.cybercity.dk [194.16.57.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA25621; Tue, 22 Oct 1996 12:39:53 -0700 (PDT) Received: from critter.tfs.com (localhost.tfs.com [127.0.0.1]) by critter.tfs.com (8.7.5/8.7.3) with ESMTP id VAA06352; Tue, 22 Oct 1996 21:38:15 +0200 (MET DST) To: Terry Lambert cc: p.richards@elsevier.co.uk (Paul Richards), marcs@znep.com, thorpej@nas.nasa.gov, freebsd-hackers@freebsd.org Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c In-reply-to: Your message of "Tue, 22 Oct 1996 10:43:47 PDT." <199610221743.KAA08215@phaeton.artisoft.com> Date: Tue, 22 Oct 1996 21:38:15 +0200 Message-ID: <6350.846013095@critter.tfs.com> From: Poul-Henning Kamp Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199610221743.KAA08215@phaeton.artisoft.com>, Terry Lambert writes: >> Not all programs that hold sensitive data need necessarily be run >> setuid so the above is not that secure. Arbitrarily clearing memory is >> not a great solution as people have already pointed out, besides, >> what's stopping me getting access to that memory while the program is >> running before the memory is freed, say by attaching a debugger. > >I consider my netnews state information "sensitive". Examining it >could result in you gaining demographic information about me which >I would prefer you not have. Who wouldn't kill to have a chance to peek into ~terry/.newsrc ? :-) -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Future will arrive by its own means, progress not so.