[I am so thoroughly sick of broken-bounces cluttering up my mailbox every time I mail to bugtraq that I'm posting with a From: address that accepts mail and completely discards it. Use the address in my signature if you want to actually reach me.] > Of course, it's trivial to memset over a sensitive area when you're > done with it, so programs ought to do so. Locking pages to prevent > them from being written to disk may be more difficult: if it doesn't > require special privilege then it's a potential DOS against physical > memory resources, and if it does, then you may have to grant programs > more privilege than they should have, creating a worse security hole. The only security hole you'd create would be that DOS you mention. Unless, of course, you're using an OS with a severely broken privilege system, like the all-or-nothing model most Unix variants use. But nobody would be silly enough to try to write secure code under something like that, surely? /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@xxxxxxxxxxxxxxxxxxxxxx / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
