> On Mon, May 01, 2017 at 04:07:27PM -0600, Theo de Raadt wrote:
> >
> > Let me stop here and ask if the pattern is: "always explicit_bzero
> > a password field once it is used"? It might make sense, but some
> > of these are heading straight to exit immediately. Is it too much
> > to do it then, or is the worry these code patterns might get copied
> > elsewhere?
> >
>
> I would fall on the side of "It could get copied elsewhere or hoisted
> for other reasons (like pledge)" so do it anyway.

OK, the argument it could get copied into another program, where it is nowhere near a terminal path.. makes sense. So then all of them should get it. It is simply a safer pattern.
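
The pattern agreed on in this exchange, as an added example that is not part of the original message or of any OpenBSD program: the password buffer is wiped inside the function that consumes it, so the wipe travels with the code if it is copied or hoisted away from the exit path. The names check_and_wipe and ct_equal and the sample password are hypothetical.

```c
#define _DEFAULT_SOURCE /* exposes explicit_bzero/strnlen on glibc and musl; harmless on OpenBSD */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: compare n bytes without an early exit on mismatch. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/*
 * Hypothetical function: check pw against expected, then wipe the whole
 * pw buffer before returning. There is a single return, so no path leaves
 * the password in memory, whether or not the caller is about to exit.
 * explicit_bzero is used because a plain memset on a buffer that is not
 * read again may be removed by the compiler.
 */
int check_and_wipe(char *pw, size_t pwsize, const char *expected)
{
    size_t len = strnlen(pw, pwsize);
    int ok = 0;

    if (len == strlen(expected))
        ok = ct_equal((const unsigned char *)pw,
                      (const unsigned char *)expected, len);

    explicit_bzero(pw, pwsize);
    return ok;
}

int main(void)
{
    /* Constructed sample input standing in for a password read from the user. */
    char pw[64] = "constructed-sample-password";

    if (!check_and_wipe(pw, sizeof(pw), "constructed-sample-password")) {
        fprintf(stderr, "authentication failed\n");
        return EXIT_FAILURE;
    }
    /* pw is already zeroed here, even though the program exits next. */
    puts("authenticated");
    return EXIT_SUCCESS;
}
```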