On 4/21/24 2:16 PM, Zachary Santer wrote:
> Does bash malloc new memory for the variable every time it's set? If so, I'd imagine the memory storing the prior version of the variable is free'd, but continues to contain the sensitive data.

It depends on the malloc version. The bash malloc overwrites memory with 0xcf on free if MEMSCRAMBLE is defined (it's on by default on most systems; controllable at configure time; disabled on some systems that have refer-after-free issues in libc).

I think this is something malloc should be doing unconditionally.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/
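
A sketch of the scramble-on-free behaviour described in the reply above, added here as an example; it is not bash's malloc code. The `scrub_*` names and the size header are assumptions made for illustration; only the 0xcf fill value comes from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SCRAMBLE_BYTE 0xcf  /* fill value named in the message above */

/* Hypothetical header placed in front of each user block so the
 * free path knows how many bytes to overwrite. */
typedef union {
    size_t size;
    max_align_t align;   /* keeps the user pointer suitably aligned */
} blk_hdr;

/* Allocate n usable bytes; returns NULL on failure or size overflow. */
void *scrub_malloc(size_t n)
{
    if (n > SIZE_MAX - sizeof(blk_hdr))
        return NULL;
    blk_hdr *h = malloc(sizeof(blk_hdr) + n);
    if (h == NULL)
        return NULL;
    h->size = n;
    return h + 1;
}

/* Overwrite the user area with SCRAMBLE_BYTE and return its size.
 * The volatile pointer stops the compiler from discarding the stores
 * as dead writes when free() follows immediately. */
size_t scrub_block(void *p)
{
    blk_hdr *h = (blk_hdr *)p - 1;
    volatile unsigned char *b = p;
    for (size_t i = 0; i < h->size; i++)
        b[i] = SCRAMBLE_BYTE;
    return h->size;
}

/* free() replacement: scramble first, then release the block. */
void scrub_free(void *p)
{
    if (p == NULL)
        return;
    scrub_block(p);
    free((blk_hdr *)p - 1);
}
```

Scrambling only covers the block being freed: copies of the data made elsewhere (realloc moves, stdio buffers, swap) are untouched.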