Theo Buehler writes:
>
> > A patch to change this has been applied to upstream slock (latest git),
> > see:
> > http://git.suckless.org/slock/commit/?id=a7afade1701a809f6a33b53525d59dd29b38d381
> >
> > I have imported explicit_bzero.c from libressl-portable.
>
> Very cool,
> A patch to change this has been applied to upstream slock (latest git),
> see:
> http://git.suckless.org/slock/commit/?id=a7afade1701a809f6a33b53525d59dd29b38d381
>
> I have imported explicit_bzero.c from libressl-portable.
Very cool, thank you! Patch makes sense to me as it is.
Is there a
On Sat, Jul 30, 2016 at 06:07:57PM +0200, Theo Buehler wrote:
> Currently, slock only clears the entered passwd buffer as part of
> auth_userokay(3). If the user aborts the password entry with ESC or
> clears the entered password with multiple backspaces, a cleartext
> copy of the entered password
Hi Joerg,
Joerg Jung wrote on Sun, Jul 31, 2016 at 07:33:29AM +0200:
> But the slock port is a suckless.org tool
> and these tools follow own rules,
Oops, indeed. I haven't studied the suckless.org concepts
in detail, but i am aware that they do some things in unusual
ways and feel strongly
> On 31.07.2016 at 00:51, Ingo Schwarze wrote:
>
> Hi Theo,
>
> Theo Buehler wrote on Sat, Jul 30, 2016 at 09:33:01PM +0200:
>
>> ++#ifdef HAVE_EXPLICIT_BZERO
>> ++#define CLEAR_PASSWORD(p, len) explicit_bzero((p), (len))
>> ++#else
>> ++#define CLEAR_PASSWORD(p, len)
> Then encourage upstream to:
>
> 1. Include a file compat_explicit_bzero.c into their tarball.
>    Ideally, talk to some of our C wizards (like tedu@) how
>    a portable implementation should look like. I suspect
>    that src/lib/libc/string/explicit_bzero.c will not be
>    very portable and
Hi Theo,
Theo Buehler wrote on Sat, Jul 30, 2016 at 09:33:01PM +0200:
> ++#ifdef HAVE_EXPLICIT_BZERO
> ++#define CLEAR_PASSWORD(p, len) explicit_bzero((p), (len))
> ++#else
> ++#define CLEAR_PASSWORD(p, len) memset((p), 0, (len))
> ++#endif
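Review bot: the `#else` branch defines CLEAR_PASSWORD as a plain memset((p), 0, (len)), which a compiler is allowed to drop as a dead store when the buffer is not read afterwards, so builds without HAVE_EXPLICIT_BZERO may leave the password in memory even though the macro name suggests otherwise. Rather than falling back to memset, ship a compat explicit_bzero implementation for platforms that lack it and call explicit_bzero() unconditionally, which also removes the need for the macro.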
Not to be a prick or to start a bikeshed - i'm not
On Sat, Jul 30, 2016 at 08:02:56PM +0200, Jeremie Courreges-Anglas wrote:
>
> Theo Buehler writes:
>
> > On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote:
> >>
> >> > On 30.07.2016 at 18:07, Theo Buehler wrote:
> >> >
> >> > Currently, slock
On Sat, Jul 30, 2016 at 07:03:56PM +0200, Theo Buehler wrote:
> On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote:
> >
> > > On 30.07.2016 at 18:07, Theo Buehler wrote:
> > >
> > > Currently, slock only clears the entered passwd buffer as part of
> > >
>> On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote:
>>>
>>> > On 30.07.2016 at 18:07, Theo Buehler wrote:
>>> >
>>> > Currently, slock only clears the entered passwd buffer as part of
>>> > auth_userokay(3). If the user aborts the password entry with ESC or
>>> >
Theo Buehler writes:
> On Sat, Jul 30, 2016 at 06:30:40PM +0200, Joerg Jung wrote:
>>
>> > On 30.07.2016 at 18:07, Theo Buehler wrote:
>> >
>> > Currently, slock only clears the entered passwd buffer as part of
>> > auth_userokay(3). If the user aborts
> On 30.07.2016 at 18:07, Theo Buehler wrote:
>
> Currently, slock only clears the entered passwd buffer as part of
> auth_userokay(3). If the user aborts the password entry with ESC or
> clears the entered password with multiple backspaces, a cleartext
> copy of the entered
Currently, slock only clears the entered passwd buffer as part of
auth_userokay(3). If the user aborts the password entry with ESC or
clears the entered password with multiple backspaces, a cleartext
copy of the entered password is kept in memory. Use explicit_bzero()
to avoid this.
While there,