On 24/08/12 12:53, Caolán McNamara wrote: > On Thu, 2012-08-23 at 21:00 +0200, Arnaud Versini wrote: >> Hi everyone, >> >> I noticed in the code some annihilation of O[U]String content by using >> memset or rtl_zeroMemory directly on the content as a password >> security. It breaks encapsulation and the string immutability, not so >> good. I think there is four possibilities, in order of my personal >> preference ;-) : >> 1. Don't eradicate the string content, the content remain in RAM >> until the string deletion and a new allocation of the area > > So, looking at the code that "trashes" the password it doesn't make a > whole pile of sense to me. There's a OUString which is converted to a > OString, and the OString is then mangled with a > rtl_zeroMemory((void*)foo.getStr(), foo.getLength()) after use, but the > original OUString remains. So only the copy gets mangled, not the > original.
well clearly that _is_ just security theater :) > Best IMO to remove the Zeroing. If we want to do this sort of stuff, > we'd really need a single secure password class kind of thing, and use > it consistently, rather than arbitrarily butchering the occasional > OString. agreed (see my other mail from yesterday for details). _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
