On Fri, Jan 18, 2002 at 05:03:51PM +0100, Erik Mouw wrote:

> I think those processes free() the buffer but forget to bzero() it
> before they do that. Or maybe it's an error in the crypt()
> implementation. Either way it's really a bug.
> But anyway, it really doesn't matter. With the right permissions only
> root has access to /dev/mem so nobody can get the plain text password.
> If somebody already got root on the machine, you already *have* a
> problem cause (s)he shouldn't have got root anyway.

This is true, but what if I can trick a utility to read /dev/mem for me?
It doesn't stop it being a bug of that utility, of course, but it does
minimise risk.

I suppose we're totally offtopic now ...

john

--
"Lots of companies would love to be in our hole."
	- Scott McNealy
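The mitigation the quoted message points at (clearing the buffer before free()), as an added example that is not part of the original thread. The helper names secret_dup, secure_wipe, residue and secret_free are hypothetical, and the password string is constructed sample data.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Wipe n bytes through a volatile pointer. A plain memset()/bzero() placed
 * directly before free() may be removed by the optimizer as a dead store;
 * where available, explicit_bzero() serves the same purpose. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Hypothetical helper: copy a password into a heap buffer for processing. */
static char *secret_dup(const char *pw, size_t *len_out)
{
    size_t len = strlen(pw) + 1;
    char *buf = malloc(len);
    if (buf != NULL) {
        memcpy(buf, pw, len);
        *len_out = len;
    }
    return buf;
}

/* Count the non-zero bytes still present in buf (0 means fully wiped). */
static size_t residue(const char *buf, size_t n)
{
    size_t left = 0;
    for (size_t i = 0; i < n; i++)
        left += (buf[i] != 0);
    return left;
}

/* Wipe, verify, then release. Returns the residue measured after the wipe
 * and before free(), so 0 means no plaintext went back to the allocator. */
static size_t secret_free(char *buf, size_t len)
{
    if (buf == NULL)
        return 0;
    secure_wipe(buf, len);
    size_t left = residue(buf, len);
    free(buf);
    return left;
}

int main(void)
{
    size_t len = 0;
    char *pw = secret_dup("constructed-sample-pw", &len); /* constructed input */
    return (pw != NULL && secret_free(pw, len) == 0) ? 0 : 1;
}
```

This only covers the one heap copy; copies left in stdio buffers, on the stack or in swapped-out pages need the same treatment or mlock().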