Quick Links

Re: using explicit_bzero

From:	Michael Paquier <michael(at)paquier(dot)xyz>
To:	Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: using explicit_bzero
Date:	2019-07-11 01:11:45
Message-ID:	20190711011145.GE4500@paquier.xyz
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Mon, Jun 24, 2019 at 02:08:50PM +0900, Michael Paquier wrote:
> CreateRole() and AlterRole() can manipulate a password in plain format
> in memory. The cleanup could be done just after calling
> encrypt_password() in user.c.
>
> Could it be possible to add the new flag in pg_config.h.win32?

While remembering about it... Shouldn't the memset(0) now happening in
base64.c for the encoding and encoding routines when facing a failure
use explicit_zero()?
--
Michael

In response to

Re: using explicit_bzero at 2019-06-24 05:08:50 from Michael Paquier

Responses

Re: using explicit_bzero at 2019-07-22 18:11:29 from Peter Eisentraut

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Robert Haas	2019-07-11 02:23:55	Re: progress report for ANALYZE
Previous Message	Michael Paquier	2019-07-11 00:55:01	Re: [sqlsmith] Crash in mcv_get_match_bitmap