>> If an application has sensitive data in a buffer that it's going to
>> free, it should clear the buffer itself before actually freeing it.
> While this may be good advice for security related data, you surely
> don't mean to say that the kernel isn't in the duty to only hand out
> appropriately initialized memory, do you?

Sure, memory fresh from the kernel must be initialized.  But malloc
reuses free()d memory without ever handing it back to the kernel in
between, which is why the need to clear it yourself if you care about
its getting handed back as part of a later allocation.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B