--- Erik Mouw <J.A.K.Mouw@its.tudelft.nl> wrote:
> On Fri, Jan 18, 2002 at 11:31:27AM +0000, John Levon wrote:
> I think those processes free() the buffer but forget to bzero() it
> before they do that. Or maybe it's an error in the crypt()
> implementation.
>
> But anyway, it really doesn't matter. With the right permissions only
> root has access to /dev/mem so nobody can get the plain text password.
> If somebody already got root on the machine, you already *have* a
> problem cause (s)he shouldn't have got root anyway.

Let's say process A allocates memory (from the heap), uses this memory to store things like plaintext passwords. Later on process A exits, and all memory regions (pages) used are released (not bzero()'d).

Now suppose process B comes along and allocates a lot of memory, such that it happens to get a lot of pages that used to belong to process A. Isn't it possible that process B can scan these pages for the "junk" process A left behind... so it can find plaintext passwords?

-- Kashif

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
IRC Channel: irc.openprojects.net / #kernelnewbies
Web Page: http://www.kernelnewbies.org/
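
Added example, not part of the original thread: the "bzero() before free()" step discussed above, written so the compiler cannot optimise the wipe away as a dead store. The names secret_new, secret_wipe, secret_residue and secret_free are hypothetical helpers, and the password string is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers for illustration; not code from the thread. */
struct secret {
    size_t len;            /* payload length, including the trailing NUL */
    unsigned char data[];  /* plaintext lives here until wiped */
};

/* Zero through a volatile pointer: a plain memset()/bzero() right before
 * free() may be removed by the optimiser because the buffer is never read
 * again. Where available, explicit_bzero() serves the same purpose. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

struct secret *secret_new(const char *plaintext)
{
    size_t len = strlen(plaintext) + 1;
    struct secret *s = malloc(sizeof(*s) + len);
    if (!s)
        return NULL;
    s->len = len;
    memcpy(s->data, plaintext, len);
    return s;
}

/* Number of non-zero payload bytes still present (0 means fully wiped). */
size_t secret_residue(const struct secret *s)
{
    size_t left = 0;
    for (size_t i = 0; i < s->len; i++)
        left += (s->data[i] != 0);
    return left;
}

void secret_wipe(struct secret *s) { secure_zero(s->data, s->len); }

/* Wipe first, then hand the memory back to the allocator. */
void secret_free(struct secret *s)
{
    if (s) { secret_wipe(s); free(s); }
}

int main(void)
{
    struct secret *s = secret_new("constructed-sample-password");
    if (!s) return 1;
    printf("before wipe: %zu bytes of plaintext\n", secret_residue(s));
    secret_wipe(s);
    printf("after wipe:  %zu bytes of plaintext\n", secret_residue(s));
    secret_free(s);
    return 0;
}
```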