On 2018-06-23 15:57, Stephan Houben wrote: > Would it not be much simpler and more secure to just disable core dumps? > > /etc/security/limits.conf on Linux. > > If the attacker can cause and read a core dump, the game seems over > anyway since sooner or later he will catch the core dump at a time the > string was not yet deleted.
That's not sufficient. You'd also need to ensure that the memory page is never paged to disk or a visible to gdb, ptrace, or any other kind of debugger. POSIX has mprotect(), but it doesn't necessarily work with malloc()ed memory and requires mmap() memory. Christian _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
