Erasing sensitive data from memory?

2024-04-21 Thread Zachary Santer
C23 provides memset_explicit() to ensure memory containing sensitive data is cleared.[1] Using a function like this is necessary to avoid compilers optimizing out the operation. Of course, bash isn't optimizing your script for you, but consider this kind of naive solution:

$ IFS='' read -e -r -s -

Re: Erasing sensitive data from memory?

2024-04-21 Thread Greg Wooledge
On Sun, Apr 21, 2024 at 02:16:57PM -0400, Zachary Santer wrote:
> $ IFS='' read -e -r -s -p 'password: ' password
> password:

seems to be relevant here. I won't say that you have malicious intent here, but a script that behaves in this way is just a step o

Re: Erasing sensitive data from memory?

2024-04-21 Thread Zachary Santer
On Sun, Apr 21, 2024 at 3:05 PM Greg Wooledge wrote:
> > seems to be relevant here.
> I won't say that you have malicious intent here, but a script that
> behaves in this way is just a step or two away from being a password
> intercepter.

Would you believ

Re: Erasing sensitive data from memory?

2024-04-22 Thread Chet Ramey
On 4/21/24 2:16 PM, Zachary Santer wrote:
> Does bash malloc new memory for the variable every time it's set? If so, I'd imagine the memory storing the prior version of the variable is free'd, but continues to contain the sensitive data.

It depends on the malloc version. The bash malloc overwrit