"Nick Borisov" <[EMAIL PROTECTED]> writes: > Well, providing zeroed pages to processes is not quite similar to > explicit cleaning of pages after use as some security standards > demand. That's why I'm asking. The "Z" malloc option seems to be > suitable but it's actually for debugging.
Which security standard requires that one part of a process protect itself from another part of the same process? malloc() operates entirely in userland and is entirely replacable; there are plenty of malloc() implementations available both in ports and other places. If you're worried about authentication tokens and the like, our PAM library and modules zero memory used to store authentication data when it is released. So does OpenSSH. If this does not satisfy you, you're going to have to quote the relevant security standards, because it is not clear to me what you want, and I get the feeling that you don't quite know yourself. DES -- Dag-Erling Smørgrav - [EMAIL PROTECTED] _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
