Re: Suggestion: erase data posted to the Web

[devnull@xxxxxxxxxxxxxxxxxxxxxx]

[I am so thoroughly sick of broken-bounces cluttering up my mailbox
every time I mail to bugtraq that I'm posting with a From: address that
accepts mail and completely discards it.  Use the address in my
signature if you want to actually reach me.]

> Of course, it's trivial to memset over a sensitive area when you're
> done with it, so programs ought to do so.  Locking pages to prevent
> them from being written to disk may be more difficult: if it doesn't
> require special privilege then it's a potential DOS against physical
> memory resources, and if it does, then you may have to grant programs
> more privilege than they should have, creating a worse security hole.

The only security hole you'd create would be that DOS you mention.

Unless, of course, you're using an OS with a severely broken privilege
system, like the all-or-nothing model most Unix variants use.  But
nobody would be silly enough to try to write secure code under
something like that, surely?

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@xxxxxxxxxxxxxxxxxxxxxx
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B