Date: Mon, 30 Mar 2009 21:18:50 +1100 From: user@vk2pj.dyndns.org To: Xin LI <delphij@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r190482 - in head/lib/libc/db: . btree hash mpool Message-ID: <20090330101850.GB31695@server.vk2pj.dyndns.org> In-Reply-To: <200903280400.n2S40kW1083700@svn.freebsd.org> References: <200903280400.n2S40kW1083700@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--aT9PWwzfKXlsBJM1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Xin, On 2009-Mar-28 04:00:46 +0000, Xin LI <delphij@freebsd.org> wrote: >Log: > When allocating memory, zero out them if we don't intend to overwrite th= em > all; before freeing memory, zero out them before we release it as free > heap. This will eliminate some potential information leak issue. Given that db runs with the same privileges as the process using it, I don't see how zeroing memory eliminates any information leak - the process can directly open and read the underlying db file itself. Zeroing on allocation may fix any potential issue with uninitialised structures and prevent the return of garbage in "holes" but that's not an information leak. --=20 Peter Jeremy --aT9PWwzfKXlsBJM1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (FreeBSD) iEYEARECAAYFAknQnIoACgkQ/opHv/APuIdbAwCfe30BopQQQEEDgQpuI9LrlXrD g5IAoJcvWJMubXmy0QGhVeeTSLDoKhXt =/Veu -----END PGP SIGNATURE----- --aT9PWwzfKXlsBJM1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090330101850.GB31695>