svn commit: r190482 - in head/lib/libc/db: . btree hash mpool
user at vk2pj.dyndns.org
user at vk2pj.dyndns.org
Mon Mar 30 03:18:58 PDT 2009
Hi Xin,
On 2009-Mar-28 04:00:46 +0000, Xin LI <delphij at freebsd.org> wrote:
>Log:
> When allocating memory, zero out them if we don't intend to overwrite them
> all; before freeing memory, zero out them before we release it as free
> heap. This will eliminate some potential information leak issue.
Given that db runs with the same privileges as the process using it, I
don't see how zeroing memory eliminates any information leak - the
process can directly open and read the underlying db file itself.
Zeroing on allocation may fix any potential issue with uninitialised
structures and prevent the return of garbage in "holes" but that's not
an information leak.
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/svn-src-head/attachments/20090330/736c2bc4/attachment.pgp
More information about the svn-src-head
mailing list