On Mon, 19 Jun 2006 12:11:45 +0200 Dan Lukes <[EMAIL PROTECTED]> wrote:
(snip) > To Nick: OS doesn't zero on free. FreeBSD does*, if the "J" flag is set in _malloc_options / MALLOC_OPTIONS, as per my original message (or at least, I believe this is the case, going by malloc(3)'s man page - please correct me if I'm wrong). * Alright, it doesn't zero, as such, but will (again, unless I've misunderstood the malloc(3) man page) initialise each byte to 0xd0 > For better security of your sensitive data you need zero the memory by > self. For inspiration I recommend to see the CRYPT_malloc/CRYPT_free > implementation in OpenSSL. Don't forget the edge situations also (when > your program can prematurely exits, you need the clean the key memory > on "atexit" or so). Good point, I hadn't thought of that! > You may need to avoid swapping of memory with sensitive data also - see > man mlock. > > But security knows no simple measures. You need think carefully about > your specific situation then decide what measures are appropriate. More > security measures may not cause more real security - it can have > opposite effect also. > > Dan > > > -- > Dan Lukes SISAL MFF UK > AKA: [EMAIL PROTECTED], [EMAIL PROTECTED],[EMAIL PROTECTED] -- Nick Withers email: [EMAIL PROTECTED] Web: http://www.nickwithers.com Mobile: +61 414 397 446 _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
