[35651] in bugtraq
Re: Suggestion: erase data posted to the Web
daemon@ATHENA.MIT.EDU (devnull@Rodents.Montreal.QC.CA)
Fri Jul 9 16:11:20 2004
Message-Id: <200407090615.CAA03012@Sparkle.Rodents.Montreal.QC.CA>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Date: Fri, 9 Jul 2004 01:47:34 -0400 (EDT)
To: BUGTRAQ@securityfocus.com
From: devnull@Rodents.Montreal.QC.CA
In-Reply-To: <75C025AE395F374B81F6416B1D4BDEFB01C3BF3C@mtv-corpmail.microfocus.com>
[I am so thoroughly sick of broken-bounces cluttering up my mailbox
every time I mail to bugtraq that I'm posting with a From: address that
accepts mail and completely discards it. Use the address in my
signature if you want to actually reach me.]
> Of course, it's trivial to memset over a sensitive area when you're
> done with it, so programs ought to do so. Locking pages to prevent
> them from being written to disk may be more difficult: if it doesn't
> require special privilege then it's a potential DOS against physical
> memory resources, and if it does, then you may have to grant programs
> more privilege than they should have, creating a worse security hole.
The only security hole you'd create would be that DOS you mention.
Unless, of course, you're using an OS with a severely broken privilege
system, like the all-or-nothing model most Unix variants use. But
nobody would be silly enough to try to write secure code under
something like that, surely?
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
