staikos at kde.org
Fri Nov 5 12:42:08 GMT 2004
On Thursday 04 November 2004 19:06, Ingo Klöcker wrote:
> > I notice the careful attention to using a char* for storing the
> > password, but is this really necessary? I think QString is perfectly
> > acceptable - we have many other ways people can steal passwords from
> > memory anyway.
> Does the operating system clean memory pages after they are freed or
> before they are alloc'ed? If not, then an attacker could simply alloc
> memory and search it for freed passwords. By using char* this threat
> can be countered by zeroing the password before the memory is freed.
> The other threat is that passwords are written to the swap partition.
> This can only be countered by using mlock'ed char* memory. mlocking
> QString is impossible (unless you or Qt writes QSecureString).
That's cool, we can provide a mechanism to prevent people from stealing
passwords out of KPasswordDialog and instead force them to steal it from
whatever uses KPasswordDialog. :) Really..... I know the argument you're
making and I think it's rather pointless for this. If someone needs a
KSecuredButNotVeryUserFriendlyOri18nCompatiblePasswordDialog, they can use a
separate one or a fork of the existing one made more secure.
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
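The technique described in the quoted text (zero the password before the memory is freed, and keep it in mlock'ed memory so it is not written to swap), as an added C example that is not part of the original message or of KDE's code. `secret_buf` and the `secret_*` functions are hypothetical names, and the password string is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical helper type for this example; not a KDE or Qt API. */
typedef struct {
    char  *data;   /* secret bytes */
    size_t len;    /* size of data in bytes */
    int    locked; /* 1 if mlock() succeeded, 0 if the pages may reach swap */
} secret_buf;

/* Volatile stores: the compiler may not drop them as dead writes before free(). */
static void secret_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Allocate zeroed memory and try to pin it in RAM; an mlock() failure is recorded, not fatal. */
static int secret_alloc(secret_buf *b, size_t len)
{
    *b = (secret_buf){ NULL, 0, 0 };
    b->data = len ? calloc(1, len) : NULL;
    if (b->data == NULL) return -1;
    b->len = len;
    b->locked = (mlock(b->data, len) == 0);
    return 0;
}

/* Zero first, then unlock and free, so freed memory never holds the secret. */
static void secret_free(secret_buf *b)
{
    if (b->data == NULL) return;
    secret_wipe(b->data, b->len);
    if (b->locked) munlock(b->data, b->len);
    free(b->data);
    *b = (secret_buf){ NULL, 0, 0 };
}

int main(void)
{
    secret_buf pw;
    if (secret_alloc(&pw, 64) != 0) return 1;
    strcpy(pw.data, "constructed-sample-password"); /* constructed sample */
    printf("locked=%d\n", pw.locked);
    secret_free(&pw);
    return 0;
}
```

`mlock()` and `munlock()` operate on whole pages, so two such buffers that share a page are unlocked together; a page-aligned allocation avoids that. The copy is only protected while it stays in this buffer, not once it has been copied into another string type.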