Sebastien Marie <semarie@online.fr> wrote:
> The diff switchs the function sc_mem_secure_alloc() to uses mmap(2) with
> MAP_CONCEAL as we do for secrets (it excludes this chunk of memory from core
> dumps), and to not uses mlock(2). And changes sc_mem_secure_free() too.
Why.
They tried to keep it out of swap, which is meaningless.
Why is keeping it out of core files meaningless? corefiles are not
world-readable, and the user who can read them can still attach with
ptrace and inspect the process, in both these cases.
Why do also you feel compelled to solve a problem --- which the ssh
client doesn't solve? If a program like that doesn'nt solve it, why
does this library, which ges loaded into a behemoth, need to?
What makes this code so special that it needs to use rare functionality
that almost no other code uses?
No comments:
Post a Comment