Re: x11/slock: clear passwords with explicit_bzero

2016-08-13 Thread Gleydson Soares
Theo Buehler writes: > > > A patch to change this has been applied to upstream slock (latest git), > > see: > > http://git.suckless.org/slock/commit/?id=a7afade1701a809f6a33b53525d59dd29b38d381 > > > > I have imported explicit_bzero.c from libressl-portable. > > Very cool,

Re: x11/slock: clear passwords with explicit_bzero

2016-08-13 Thread Theo Buehler
> A patch to change this has been applied to upstream slock (latest git), > see: > http://git.suckless.org/slock/commit/?id=a7afade1701a809f6a33b53525d59dd29b38d381 > > I have imported explicit_bzero.c from libressl-portable. Very cool, thank you! Patch makes sense to me as it is. Is there a

Re: x11/slock: clear passwords with explicit_bzero

2016-08-13 Thread Hiltjo Posthuma
On Sat, Jul 30, 2016 at 06:07:57PM +0200, Theo Buehler wrote: > Currently, slock only clears the entered passwd buffer as part of > auth_userokay(3). If the user aborts the password entry with ESC or > clears the entered password with multiple backspaces, a cleartext > copy of the entered password

Re: x11/slock: clear passwords with explicit_bzero

2016-07-31 Thread Ingo Schwarze
Hi Joerg, Joerg Jung wrote on Sun, Jul 31, 2016 at 07:33:29AM +0200: > But the slock port is a suckless.org tool > and these tools follow own rules, Oops, indeed. I haven't studied the suckless.org concepts in detail, but i am aware that they do some things in unusual ways and feel strongly

Re: x11/slock: clear passwords with explicit_bzero

2016-07-30 Thread Joerg Jung
> On 31.07.2016 at 00:51, Ingo Schwarze wrote: > > Hi Theo, > > Theo Buehler wrote on Sat, Jul 30, 2016 at 09:33:01PM +0200: > >> ++#ifdef HAVE_EXPLICIT_BZERO >> ++#define CLEAR_PASSWORD(p, len) explicit_bzero((p), (len)) >> ++#else >> ++#define CLEAR_PASSWORD(p, len)

Re: x11/slock: clear passwords with explicit_bzero

2016-07-30 Thread Theo de Raadt
>Then encourage upstream to: > > 1. Include a file compat_explicit_bzero.c into their tarball. >Ideally, talk to some of our C wizards (like tedu@) how >a portable implementation should look like. I suspect >that src/lib/libc/string/explicit_bzero.c will not be >very portable and

Re: x11/slock: clear passwords with explicit_bzero

2016-07-30 Thread Ingo Schwarze
Hi Theo, Theo Buehler wrote on Sat, Jul 30, 2016 at 09:33:01PM +0200: > ++#ifdef HAVE_EXPLICIT_BZERO > ++#define CLEAR_PASSWORD(p, len) explicit_bzero((p), (len)) > ++#else > ++#define CLEAR_PASSWORD(p, len) memset((p), 0, (len)) > ++#endif Not to be a prick or to start a bikeshed - i'm not
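Review bot: the #else branch of CLEAR_PASSWORD falls back to plain memset((p), 0, (len)), which a compiler is allowed to drop as a dead store when the buffer is not read again, so a build without HAVE_EXPLICIT_BZERO can leave the password in memory while the code still reads as if it were cleared. Suggest replacing the memset fallback with a bundled compat explicit_bzero implementation for systems that lack one, or failing the build when no non-elidable clear is available.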

Re: x11/slock: clear passwords with explicit_bzero

2016-07-30 Thread Theo Buehler
On Sat, Jul 30, 2016 at 08:02:56PM +0200, Jeremie Courreges-Anglas wrote: > > Theo Buehler writes: > > > On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote: > >> > >> > On 30.07.2016 at 18:07, Theo Buehler wrote: > >> > > >> > Currently, slock

Re: x11/slock: clear passwords with explicit_bzero

2016-07-30 Thread Joerg Jung
On Sat, Jul 30, 2016 at 08:02:56PM +0200, Jeremie Courreges-Anglas wrote: > > Theo Buehler writes: > > > On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote: > >> > >> > On 30.07.2016 at 18:07, Theo Buehler wrote: > >> > > >> > Currently, slock

Re: x11/slock: clear passwords with explicit_bzero

2016-07-30 Thread Joerg Jung
On Sat, Jul 30, 2016 at 07:03:56PM +0200, Theo Buehler wrote: > On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote: > > > > > On 30.07.2016 at 18:07, Theo Buehler wrote: > > > > > > Currently, slock only clears the entered passwd buffer as part of > > >

Re: x11/slock: clear passwords with explicit_bzero

2016-07-30 Thread Theo de Raadt
>> On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote: >>> >>> > On 30.07.2016 at 18:07, Theo Buehler wrote: >>> > >>> > Currently, slock only clears the entered passwd buffer as part of >>> > auth_userokay(3). If the user aborts the password entry with ESC or >>> >

Re: x11/slock: clear passwords with explicit_bzero

2016-07-30 Thread Jeremie Courreges-Anglas
Theo Buehler writes: > On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote: >> >> > On 30.07.2016 at 18:07, Theo Buehler wrote: >> > >> > Currently, slock only clears the entered passwd buffer as part of >> > auth_userokay(3). If the user aborts

Re: x11/slock: clear passwords with explicit_bzero

2016-07-30 Thread Joerg Jung
> On 30.07.2016 at 18:07, Theo Buehler wrote: > > Currently, slock only clears the entered passwd buffer as part of > auth_userokay(3). If the user aborts the password entry with ESC or > clears the entered password with multiple backspaces, a cleartext > copy of the entered

x11/slock: clear passwords with explicit_bzero

2016-07-30 Thread Theo Buehler
Currently, slock only clears the entered passwd buffer as part of auth_userokay(3). If the user aborts the password entry with ESC or clears the entered password with multiple backspaces, a cleartext copy of the entered password is kept in memory. Use explicit_bzero() to avoid this. While there,