Date: Fri, 18 Oct 1996 09:04:58 -0700
From: David Greenman <dg@root.com>
To: gritton@byu.edu
Cc: freebsd-hackers@freebsd.org, tech-userlevel@NetBSD.ORG
Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
Message-ID: <199610181604.JAA14869@root.com>
In-Reply-To: Your message of "Fri, 18 Oct 1996 08:47:06 MDT." <199610181447.IAA05206@saskatchewan.et.byu.edu>
>Karl Denninger <karl@Mcs.Net> writes:
>
>> If there was a separate "destroy-data" call, that would be ok. But there
>> isn't, and as such the ONLY way to have any security in these dbm routines
>> is to have the system enforce it.
>
> Adding the call seems easy enough, and seems the most elegant solution.

   It doesn't solve the real problem. The problem is that applications that
were privileged might read sensitive data and store it internally. The dbm
routines are only one instance of the "store internally" problem. There are
countless other cases where similar things could happen...even temporary
garbage on the stack can be a problem. The ONLY solution is to not allow
coredumps of processes that might contain sensitive data. The change that
was made to hash_buf.c should be backed out and attempts should be made to
ensure that the coredump won't happen in cases where sensitive data may be
a problem.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610181604.JAA14869>
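The argument above, as an added example that is not part of the thread and is not the libc db code: a caller copies a secret into its own buffer, a hypothetical page cache (a stand-in for the "store internally" behaviour of the dbm routines) memcpy()s it into heap-owned storage, the caller then zeroes its own buffer in the spirit of the hash_buf.c change, and the copy in the cache survives. The second half turns off core dumps for the process with setrlimit(RLIMIT_CORE, 0), which is one way of doing what the mail asks for and is my choice of mechanism, not something the message specifies. The secret string is a constructed sample.

```c
/* Added example, not from the original thread: shows that zeroing one
 * buffer leaves other copies of a secret in process memory, and then
 * disables core dumps so a crash cannot write those copies to disk.
 * POSIX only; builds on Linux and the BSDs. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

#define CACHE_SLOTS 4
#define SLOT_SIZE   64

/* Hypothetical stand-in for the libc db "store internally" behaviour:
 * a page cache that copies caller data into buffers it owns and never
 * clears them. Not the real hash_buf.c structures. */
struct page_cache {
    char slot[CACHE_SLOTS][SLOT_SIZE];
    int  used;
};

/* Store a copy of `data` in the next free slot; returns slot index or -1. */
static int cache_put(struct page_cache *c, const char *data, size_t len)
{
    if (c->used >= CACHE_SLOTS || len > SLOT_SIZE)
        return -1;
    memcpy(c->slot[c->used], data, len);   /* copy #2 of the secret */
    return c->used++;
}

/* Count how many cache slots still hold a byte-exact copy of `needle`. */
static int cache_copies(const struct page_cache *c, const char *needle, size_t len)
{
    int n = 0;
    for (int i = 0; i < c->used; i++)
        if (memcmp(c->slot[i], needle, len) == 0)
            n++;
    return n;
}

/* Zero a buffer through a volatile pointer so the compiler cannot drop the
 * stores as dead (the caller never reads the buffer again). */
static void secure_zero(void *p, size_t len)
{
    volatile unsigned char *vp = p;
    while (len--)
        *vp++ = 0;
}

/* Refuse to produce a core file: soft and hard RLIMIT_CORE both to 0.
 * Lowering both is permitted for an unprivileged process, and once the
 * hard limit is 0 the process cannot raise it again. Returns 0 or -1. */
static int disable_coredumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* 1 if the current soft core-size limit is 0, else 0. */
static int coredumps_disabled(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return 0;
    return rl.rlim_cur == 0;
}

/* Run the scenario: returns the number of copies of the secret still in
 * the cache after the caller zeroed its own buffer (1 in this run). Note
 * that the string literal itself also lives in .rodata, another copy a
 * core dump would capture; that is exactly the "countless other cases". */
static int leaked_copies_after_zeroing(void)
{
    const char constructed_secret[] = "hunter2-db-password";    /* constructed sample */
    char buf[SLOT_SIZE];
    struct page_cache cache = { .used = 0 };

    memcpy(buf, constructed_secret, sizeof constructed_secret); /* copy #1: caller's buffer */
    cache_put(&cache, buf, sizeof constructed_secret);           /* copy #2: library cache */
    secure_zero(buf, sizeof buf);                                 /* the hash_buf.c-style fix */
    return cache_copies(&cache, constructed_secret, sizeof constructed_secret);
}

int main(void)
{
    printf("copies surviving in cache after zeroing caller buffer: %d\n",
           leaked_copies_after_zeroing());
    if (disable_coredumps() != 0) {
        perror("setrlimit(RLIMIT_CORE)");
        return 1;
    }
    printf("core dumps disabled: %s\n", coredumps_disabled() ? "yes" : "no");
    return 0;
}
```

The rlimit approach is what a daemon can do for itself before it touches anything sensitive; it does nothing about copies that already left the address space (swap, pipes, a child's core). On Linux the same effect can also be had per process with prctl(PR_SET_DUMPABLE, 0), which in addition blocks ptrace attachment by unprivileged users; that call is Linux-specific and not part of the example above.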