KPasswordEdit patch (was Re: new widgets...)
Thomas Zander
zander at planescape.com
Sun Sep 29 19:25:29 BST 2002
On Sat, Sep 28, 2002 at 07:29:26PM -0700, Neil Stevens wrote:
> On Saturday September 28, 2002 07:11, Malte Starostik wrote:
> > It's not only about writing it to swap/disk (that was what the mlock
> > patch would do, but only for root). Think about a multi-user system with
> > an OS that doesn't guarantee memory is zeroed-out. User a enters a
> > password and the process that provided the password edit exits. User b
> > was monitoring this and allocs huge amounts of memory, in the hope he
> > gets the physical memory user a had before. If he succeeds, he can read
> > the password. Granted, it takes some luck but it's possible.
>
> But that still fails. Or are you also clearing the memory used by X (for
> input of the password)
I doubt the '*'s will be any use :)
> and by your network stream (for output of the
> password)?
I doubt the encrypted connection will be of any use :)
> If you assume an insecure OS, you lose no matter what your code does. But
> if you assume a secure OS, then you don't need to resort to cheap tricks
> like these. Either way, it's a waste of time.
Ok, you must have heard this before; but real security is only possible if
done from the ground up.
Each and every path must be secure; if you trust others will do it for you
then you are screwed. If not now; then somewhere in the future where there
is a bug in their system.
Your only argument is that there will be other positions that the system
will be cracked and that it's useless to do security anyway; well that's your
choice. Please don't limit mine, I believe in the simple principle of
minimalizing the points of failure.
--
Thomas Zander zander at planescape.com
We are what we pretend to be
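
The memory-reuse scenario quoted above, and the mlock approach mentioned with it, can be illustrated with a small C sketch. This is an added example, not part of the original message or of the KPasswordEdit patch; the names `pw_buf`, `pw_init`, `pw_append`, `pw_release` and `secure_wipe` are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical helpers for illustration; not KPasswordEdit's API. */

/* Write zeros through a volatile pointer so the compiler cannot discard
   the stores as dead writes just before free(). */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

typedef struct {
    char  *data;
    size_t cap;
    size_t len;
    int    locked;   /* 1 if mlock() succeeded */
} pw_buf;

int pw_init(pw_buf *b, size_t cap) {
    b->data = calloc(1, cap);
    if (!b->data) return -1;
    b->cap = cap;
    b->len = 0;
    /* mlock() can fail for unprivileged users (RLIMIT_MEMLOCK);
       record the result and continue, wiping still applies. */
    b->locked = (mlock(b->data, cap) == 0);
    return 0;
}

/* Fixed capacity: the buffer is never reallocated, so no unwiped
   copy of the password is left behind in freed heap memory. */
int pw_append(pw_buf *b, char c) {
    if (b->len + 1 >= b->cap) return -1;
    b->data[b->len++] = c;
    b->data[b->len] = '\0';
    return 0;
}

/* Wipe, unlock, free. Returns the count of nonzero bytes found
   after the wipe, which is 0 when the wipe took effect. */
size_t pw_release(pw_buf *b) {
    size_t dirty = 0;
    secure_wipe(b->data, b->cap);
    for (size_t i = 0; i < b->cap; i++) dirty += (b->data[i] != 0);
    if (b->locked) munlock(b->data, b->cap);
    free(b->data);
    b->data = NULL; b->len = b->cap = 0; b->locked = 0;
    return dirty;
}
```

The wipe covers only this buffer; copies held elsewhere in the input path are outside its reach.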