KPasswordEdit patch (was Re: new widgets...)

Thomas Zander zander at
Sun Sep 29 19:25:29 BST 2002

On Sat, Sep 28, 2002 at 07:29:26PM -0700, Neil Stevens wrote:
> On Saturday September 28, 2002 07:11, Malte Starostik wrote:
> > It's not only about writing it to swap/disk (that was what the mlock
> > patch would do, but only for root). Think about a multi-user system with
> > an OS that doesn't guarantee memory is zeroed-out. User a enters a
> > password and the process that provided the password edit exits. User b
> > was monitoring this and allocs huge amounts of memory, in the hope he
> > gets the physical memory user a had before. If he succeeds, he can read
> > the password. Granted, it takes some luck but it's possible.
> But that still fails.  Or are you also clearing the memory used by X (for 
> input of the password)
I doubt the '*'s will be any use :)

> and by your network stream (for output of the 
> password)?

I doubt the encrypted connection will be of any use :)

> If you assume an insecure OS, you lose no matter what your code does.  But 
> if you assume a secure OS, then you don't need to resort to cheap tricks 
> like these.  Either way, it's a waste of time.

Ok, you must have heard this before; but real security is only possible if
done from the ground up.
Each and every path must be secure; if you trust others will do it for you
then you are screwed. If not now; then somewhere in the future where there
is a bug in their system.

Your only argument is that there will be other positions that the system
will be cracked and that its useless to do security anyway; well thats your
choice. Please don't limit mine, I believe in the simple principle of 
minimalizing the points of failure.

Thomas Zander   zander at
We are what we pretend to be

More information about the kde-core-devel mailing list