Subject: Re: suid helper to verify own passwd
To: Christian Biere <christianbiere@gmx.de>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 12/21/2006 21:33:44

On Fri, Dec 22, 2006 at 03:29:28AM +0100, Christian Biere wrote:
> Christian Biere wrote:
> > > static char pwbuf[1024];
> > pwbuf is/must be NUL-terminated?
> 
> Ok, I noticed that pwbuf[] is static and the check for buflen==0.
> I guess using a mlock()ed buffer instead would be paranoid?

What exactly is the point of this?  The program which prompted for the
user's password, after all, will not be mlocked, and could be swapped
out.

-- 
Thor Lancelot Simon	                                     tls@rek.tjls.com
  "The liberties...lose much of their value whenever those who have greater
   private means are permitted to use their advantages to control the course
   of public debate."					-John Rawls