From: | Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> |
---|---|
To: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
Cc: | Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Password security question |
Date: | 2002-12-17 02:17:49 |
Message-ID: | Pine.LNX.4.21.0212171315130.31083-100000@linuxworld.com.au |
Lists: | pgsql-committers pgsql-hackers |
On Tue, 17 Dec 2002, Christopher Kings-Lynne wrote:
> Hi guys,
>
> Just a thought - do we explicitly wipe password strings from RAM after using
> them?
>
> I just read an article (by MS in fact) that illustrates a cute problem.
> Imagine you memset the password to zeros after using it. There is a good
> chance that the compiler will simply remove the memset from the object code
> as it will seem like it can be optimised away...
Bugtraq discussion claims that GCC >=3 are not affected by this. Variables
which are affected by code that cannot be optimised away should be marked
volatile anyway.
Gavin
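
The wipe discussed in this message, as an added example (not part of the original email and not PostgreSQL code): zeroing through a volatile-qualified pointer so the stores are not treated as dead. `secure_wipe`, `all_zero`, `check_password` and `PW_MAX` are hypothetical names, and the buffer contents are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_MAX 64   /* assumed maximum password length for this example */

/* Zero a buffer through a volatile-qualified pointer. Every store is a
 * volatile access, so the compiler keeps it, whereas a memset() on a
 * buffer that is never read again may be removed as a dead store. */
void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Helper for checking the result: 1 if every byte in buf is zero. */
int all_zero(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* Hypothetical password check. The working copy lives in a local buffer
 * that is never read after the comparison: exactly the case where a
 * trailing memset(copy, 0, sizeof copy) can be optimised away. */
int check_password(const char *supplied, const char *expected)
{
    char copy[PW_MAX];
    size_t n = strlen(supplied);
    int ok;

    if (n >= PW_MAX)
        return 0;                 /* too long: nothing copied, nothing to wipe */
    memcpy(copy, supplied, n + 1);
    ok = (strcmp(copy, expected) == 0);
    secure_wipe(copy, sizeof copy);   /* wipe on the way out, match or not */
    return ok;
}

int main(void)
{
    unsigned char buf[16];
    memset(buf, 0xAA, sizeof buf);    /* constructed sample contents */
    secure_wipe(buf, sizeof buf);
    printf("wiped=%d ok=%d bad=%d\n", all_zero(buf, sizeof buf),
           check_password("s3cret", "s3cret"), check_password("guess", "s3cret"));
    return 0;
}
```

Whether a given compiler drops the plain `memset` can be checked by building both variants with optimisation enabled and comparing the generated assembly.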