Date: Mon, 30 Mar 2009 09:13:53 -0700
From: Xin LI <delphij@delphij.net>
To: user@vk2pj.dyndns.org
Cc: svn-src-head@FreeBSD.ORG, svn-src-all@FreeBSD.ORG, src-committers@FreeBSD.ORG, Xin LI <delphij@FreeBSD.ORG>
Subject: Re: svn commit: r190482 - in head/lib/libc/db: . btree hash mpool
Message-ID: <49D0EFC1.7030706@delphij.net>
In-Reply-To: <20090330101850.GB31695@server.vk2pj.dyndns.org>
References: <200903280400.n2S40kW1083700@svn.freebsd.org> <20090330101850.GB31695@server.vk2pj.dyndns.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

user@vk2pj.dyndns.org wrote:
[...]
> Given that db runs with the same privileges as the process using it, I
> don't see how zeroing memory eliminates any information leak - the
> process can directly open and read the underlying db file itself.
> Zeroing on allocation may fix any potential issue with uninitialised
> structures and prevent the return of garbage in "holes" but that's not
> an information leak.

The process that can read sensitive information _could_ sometimes write
something that can be read by a non-privileged process.  It's known in
kern/123529 where spwd.db contents could be leaked into aliases.db, for
instance.

Cheers,
- --
Xin LI <delphij@delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (FreeBSD)

iEYEARECAAYFAknQ78EACgkQi+vbBBjt66AJaQCgg5TONSuHZaGKkPB9W2tOLyhc
1qkAn3wLsADUT+6tRerLYbOP2QIeKW1j
=WYob
-----END PGP SIGNATURE-----
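
Added example (not part of the original message, and not FreeBSD's libc db code): a simplified C model of the leak path described above, in which a privileged process reuses a page buffer without zeroing it and then writes the whole page to a file that others can read. The one-slot pool, the page size, the function names and the record strings are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 64

/* Hypothetical one-slot page pool standing in for a recycling allocator. */
static unsigned char slot[PAGE_SIZE];

static unsigned char *page_get(int zero_on_alloc)
{
    if (zero_on_alloc)
        memset(slot, 0, PAGE_SIZE);  /* mitigation: no stale bytes survive */
    return slot;
}

/* Build one on-disk page holding rec; the whole page is what gets written. */
static void build_page(unsigned char *out, const char *rec, int zero_on_alloc)
{
    unsigned char *p = page_get(zero_on_alloc);
    memcpy(p, rec, strlen(rec));     /* record fills only part of the page */
    memcpy(out, p, PAGE_SIZE);       /* stands in for write(fd, p, PAGE_SIZE) */
}

/* Return 1 if needle occurs anywhere in the page image. */
static int page_contains(const unsigned char *page, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= PAGE_SIZE; i++)
        if (memcmp(page + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Privileged process: handle a secret record, then write a public page. */
static int leak_demo(int zero_on_alloc)
{
    unsigned char secret_page[PAGE_SIZE], public_page[PAGE_SIZE];
    /* Constructed sample records: a password-db style entry, then an alias. */
    build_page(secret_page, "root:$constructed$hash:0:0::/root:/bin/sh", zero_on_alloc);
    build_page(public_page, "postmaster: root", zero_on_alloc);
    return page_contains(public_page, "hash");
}

int main(void)
{
    printf("without zeroing: leak=%d\n", leak_demo(0));
    printf("with zeroing:    leak=%d\n", leak_demo(1));
    return 0;
}
```

The short alias record overwrites only the start of the reused buffer, so the tail of the earlier secret record is still in the page image that reaches the publicly readable file unless the buffer is zeroed on allocation.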