KPasswordEdit patch (was Re: new widgets...)
ryan at completely.kicks-ass.org
Fri Sep 27 10:44:52 BST 2002
-----BEGIN PGP SIGNED MESSAGE-----
On September 27, 2002 02:39, Thomas Zander wrote:
> As a sidenote; not all implementations of malloc zero-fill the memory
> before returning it; therefor _any_ user can grab all memory which is free
> in the system and search for passwords, even of passwords of other users.
Linux (and any other -sane- kernel) zeroes pages allocated by user space. So
even if your malloc(3) implementation isn't zeroing memory, sbrk(2) and
mmap(2) sure are.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the kde-core-devel