Date: Tue, 22 Oct 1996 10:43:47 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: p.richards@elsevier.co.uk (Paul Richards) Cc: marcs@znep.com, thorpej@nas.nasa.gov, freebsd-hackers@freebsd.org Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c Message-ID: <199610221743.KAA08215@phaeton.artisoft.com> In-Reply-To: <57loczl1x3.fsf@tees.elsevier.co.uk> from "Paul Richards" at Oct 22, 96 11:38:00 am
next in thread | previous in thread | raw e-mail | index | archive | help
> Not all programs that hold sensitive data need necessarily be run > setuid so the above is not that secure. Arbitrarily clearing memory is > not a great solution as people have already pointed out, besides, > what's stopping me getting access to that memory while the program is > running before the memory is freed, say by attaching a debugger. I consider my netnews state information "sensitive". Examining it could result in you gaining demographic information about me which I would prefer you not have. This whole discussion is edging on the ridiculous. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610221743.KAA08215>