Commit
Suggested-by: SUSE Security Team <security@suse.de>
2b33982
Arrived here from an advisory on oss-sec. You might want to consider wiping the relevant argv string on startup to prevent it being visible in ps. There’s an inherent race condition in this, so it’s not a perfect defence, but some software like MySQL believe it is worthwhile.
That's kinda neat. That specific approach appears to leak the length...
Doesn’t it only leak a 1-bit signal of whether your password was 0-length or not? The last line of the selected section terminates the overwritten string early. And if your password is the empty string, I think you have bigger problems than it being visible in ps.
Good point, I should have read it closer.
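The argv wipe suggested in the first comment, as an added example that is not code from this commit or from MySQL. The names `take_secret` and `scrub_password_arg` are hypothetical, and the `--password <secret>` option shape is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the commit): move a secret out of an argv
 * slot into heap memory, then wipe the slot in place. */
char *take_secret(char *arg)
{
    size_t len = strlen(arg);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;          /* slot left untouched so the caller can fail cleanly */
    memcpy(copy, arg, len + 1);

    /* volatile keeps the compiler from discarding the stores as dead writes */
    volatile char *p = arg;
    for (size_t i = 0; i < len; i++)
        p[i] = 'x';
    /* Terminate early, the step debated in the thread. What a process
     * listing shows afterwards depends on how the platform exposes the
     * argument area. */
    if (len > 0)
        p[1] = '\0';
    return copy;
}

/* Assumed CLI shape: prog --password <secret>. Returns the heap copy or NULL. */
char *scrub_password_arg(int argc, char **argv)
{
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "--password") == 0)
            return take_secret(argv[i + 1]);
    return NULL;
}

int main(int argc, char **argv)
{
    /* First statement in main: the secret stays readable until this runs. */
    char *pw = scrub_password_arg(argc, argv);
    printf("password %s\n", pw ? "captured, argv slot wiped" : "not given");
    free(pw);
    return 0;
}
```

The wipe only shortens the exposure: between process start and the call to `scrub_password_arg` the argument is still readable, which is the race the comment refers to.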