On Tue, Jan 19, 2016 at 11:53 PM, Ángel González <keisial@xxxxxxxxx> wrote: > That won't work when the data was recovered because it was read inside > a stdio buffer which was not overwritten before being freed. Why is stdio used in such a security-sensitive area anyway ? Is there any performance impact if the code is switched to plain { |open()|, |read()|, ... } (with sufficient wrappers for |EINTR| handling) ? ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) roland.mainz@xxxxxxxxxxx \__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer /O /==\ O\ TEL +49 641 3992797 (;O/ \/ \O;) _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev