Bugtraq mailing list archives
Re: Suggestion: erase data posted to the Web
From: devnull () Rodents Montreal QC CA
Date: Fri, 9 Jul 2004 01:47:34 -0400 (EDT)
[I am so thoroughly sick of broken-bounces cluttering up my mailbox every time I mail to bugtraq that I'm posting with a From: address that accepts mail and completely discards it. Use the address in my signature if you want to actually reach me.]
Of course, it's trivial to memset over a sensitive area when you're done with it, so programs ought to do so. Locking pages to prevent them from being written to disk may be more difficult: if it doesn't require special privilege then it's a potential DOS against physical memory resources, and if it does, then you may have to grant programs more privilege than they should have, creating a worse security hole.
The only security hole you'd create would be that DOS you mention. Unless, of course, you're using an OS with a severely broken privilege system, like the all-or-nothing model most Unix variants use. But nobody would be silly enough to try to write secure code under something like that, surely? /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse () rodents montreal qc ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Suggestion: erase data posted to the Web Andrew Daviel (Jul 07)
- Re: Suggestion: erase data posted to the Web Nick Lamb (Jul 08)
- Re: Suggestion: erase data posted to the Web Luciano Miguel Ferreira Rocha (Jul 08)
- <Possible follow-ups>
- RE: Suggestion: erase data posted to the Web Michael Wojcik (Jul 08)
- Re: Suggestion: erase data posted to the Web devnull (Jul 09)