KPasswordEdit patch (was Re: new widgets...)

Neil Stevens neil at
Fri Sep 27 10:52:54 BST 2002

Hash: SHA1

On Friday September 27, 2002 02:39, Thomas Zander wrote:>
> Making sure the password is not in memory any longer then it should
> provides that KDE will not be the weakest link in the security chain.

But KDE isn't a weak link here, unless it's choosing to write passwords to 
files without the user asking for it.

Regardless of what KDE does, it's up to the OS to clear the RAM, it's up to 
the OS to make sure that other users can't read your RAM, it's up to the 
OS to keep swap secure, it's up to the OS to enforce permissions.

The OS can keep it secure, or the OS can make sure it's insecure.  Playing 
around with const char *s won't actually protect users from an attacker.

- -- 
Neil Stevens - neil at
"I always cheer up immensely if an attack is particularly wounding
because I think, well, if they attack one personally, it means they
have not a single political argument left." - Margaret Thatcher
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see


More information about the kde-core-devel mailing list