Oswald Buddenhagen ossi at
Fri Nov 5 14:06:43 GMT 2004

On Fri, Nov 05, 2004 at 07:42:08AM -0500, George Staikos wrote:
> On Thursday 04 November 2004 19:06, Ingo Klöcker wrote:
> > The other threat is that passwords are written to the swap partition.
> > This can only be countered by using mlock'ed char* memory. mlocking
> > QString is impossible (unless you or Qt writes QSecureString).
>   That's cool, we can provide a mechanism to prevent people from stealing 
> passwords of out KPasswordDialog and instead force them to steal it from 
> whatever uses KPasswordDialog. :)   Really.....  I know the argument you're 
> making and I think it's rather pointless for this.  If someone needs a 
> KSecuredButNotVeryUserFriendlyOri18nCompatiblePasswordDialog, they can use a 
> separate one or a fork of the existing one made more secure.
fwiw, what is your stance on :
KDE [KDM] does not mlock sensitive data (password)
imo this is a cantfix for the PAM case, and a wontfix for the other

Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
Chaos, panic, and disorder - my work here is done.

More information about the kde-core-devel mailing list