On 10/19/18 11:49 AM, Erik Janssen wrote:

> That said, explicit wipe of the most sensitive parts, probably controlled by
> the application through options, would be low-cost, and reduces the chance of
> exporting them in core dumps, etc.

I think that this would be a good way to go.
I agree that wiping all allocated memory might have performance impacts and that is generally an overkill. Also because most applications will still keep sensitive information in their own memory. However, for applications that clear their own copy, an option would be nice for libcurl clearing the memory, maybe by an explicit call in the suggested way:

> I so see a point in explicitly wiping previous url or credentials when the next one, or empty string, is specified.

That way there are no performance impacts for average programs, but programs that care about sensitive data in a special way can explicitly clear it from libcurl.

Sure, every effort we take cannot eliminate the possibility to obtain information from the process, but we can shrink the time window and make it harder; and I think we should give the user the possibility to do so.

--
Gabriel
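
An added example, not part of the original message and not libcurl code: a C sketch of the behaviour discussed above, where setting the next value (or an empty string) wipes the previously stored copy before it is freed. The names `secret_slot`, `secret_set` and `secure_wipe` are hypothetical, and the password string is a constructed sample.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for one sensitive option value (not a libcurl type). */
struct secret_slot {
  char *data;  /* heap copy owned by the slot, or NULL when empty */
  size_t len;  /* length of data, excluding the terminating NUL */
};

/* Zero n bytes through a volatile pointer so the stores are not removed
   as dead writes ahead of free(). Platforms that have explicit_bzero()
   or memset_s() can use those instead. */
static void secure_wipe(void *p, size_t n)
{
  volatile unsigned char *v = (volatile unsigned char *)p;
  while(n--)
    *v++ = 0;
}

/* Store a new secret; NULL or "" just clears the slot. The previous copy
   is wiped before it is freed. Returns 0 on success, -1 if allocation
   fails (the old value is then left in place). */
static int secret_set(struct secret_slot *s, const char *value)
{
  char *copy = NULL;
  size_t len = value ? strlen(value) : 0;
  if(len) {
    copy = malloc(len + 1);
    if(!copy)
      return -1;
    memcpy(copy, value, len + 1);
  }
  if(s->data) {
    secure_wipe(s->data, s->len + 1);  /* includes the NUL byte */
    free(s->data);
  }
  s->data = copy;
  s->len = len;
  return 0;
}

int main(void)
{
  struct secret_slot pw = {NULL, 0};
  secret_set(&pw, "constructed-sample-password");
  return secret_set(&pw, "");  /* explicit clear requested by the caller */
}
```

The wipe only covers the copy held in the slot; any copy the application keeps in its own memory has to be cleared by the application.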
