On Wed, 22 Aug 2012 12:57:10 +0200 rustyBSD <rusty...@gmx.fr> said:

> == src/bin/e_desklock.c ==
> during auth, user's password may be written
> to disk (core dump). To avoid that, the solution
> is to limit core file size to 0 with|| setrlimit(). The
> problem is that once set to 0, the file size can't
> be raised; so we can't reset the size to the value
> it was before.
> 
> Here is a little patch.
> 
> Ok or not ?

this is bad... imho... and well.. it's 0 by default on most linux distros i
know of... but we hurt those that want core dumps. but this is all moot
because... e catches its segv's (thus core dumps). :)

here's the problem i have with this though.. fine - not in a core dump - but it
can get swapped out and no one cares :) so it still goes to disk.

the best thing to do here is to be very pro-active about zeroing out the passwd
asap so even if u core or swap u dont see it - there is a small window of
opportunty, but only if there is a crash OR someone segv's the process (kill
-SEGV).,. and even if they do seg it.. e catches its segv's aborts, sigbus's and
doesnt core dump

-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    ras...@rasterman.com


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Reply via email to