Date: Fri, 18 Oct 1996 08:39:56 -0500 (CDT)
From: Joe Greco <jgreco@brasil.moneng.mei.com>
To: thorpej@nas.nasa.gov
Cc: gibbs@freefall.freebsd.org, karl@mcs.net, jdp@polstra.com, ache@nagual.ru, guido@gvr.win.tue.nl, phk@critter.tfs.com, freebsd-hackers@freebsd.org, tech-userlevel@netbsd.org
Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
Message-ID: <199610181339.IAA02749@brasil.moneng.mei.com>
In-Reply-To: <199610180646.XAA13336@lestat.nas.nasa.gov> from "Jason Thorpe" at Oct 17, 96 11:46:37 pm

> On Thu, 17 Oct 1996 23:10:46 -0700
> "Justin T. Gibbs" <gibbs@freefall.freebsd.org> wrote:
>
> > > >What's the objection to clearing possibly-contaminated structures when a
> > > >program signifies it's done with a privileged resource?
> >
> > It causes any db client to pay this penalty regardless of what is stored
> > in the database.  That is bad design.
>
> Right, and as I said previously, who's to know if there's other sensitive
> data in the processes' address space...  In addition to paying a performance
> cost, you don't really solve anything.

I think perhaps we are all in agreement:  If a process is managing sensitive
data, it needs to be up to the process to handle the security arrangements.

I believe that what is lacking is a way to do this right now with a process
that uses Berkeley DB...

... JG