Subject: Re: suid helper to verify own passwd
To: None <tech-security@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: tech-security
Date: 12/22/2006 04:02:08
Thor Lancelot Simon wrote:
> On Fri, Dec 22, 2006 at 03:29:28AM +0100, Christian Biere wrote:
> > Christian Biere wrote:
> > > > static char pwbuf[1024];
> > > pwbuf is/must be NUL-terminated?
> > 
> > Ok, I noticed that pwbuf[] is static and the check for buflen==0.
> > I guess using a mlock()ed buffer instead would be paranoid?
> 
> What exactly is the point of this?  The program which prompted for the
> user's password, after all,

Isn't it possible for the program to read the password into a mlock()ed
buffer when prompting for it? Maybe it's futile for an X11 application,
but if you're reading it from a TTY or some other file descriptor, that's
possible, isn't it?

-- 
Christian
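What the question above amounts to, as an added example that is not part of this thread, of the suid helper under discussion, or of any NetBSD code: read the password with echo switched off, a byte at a time, straight into a page-locked buffer, keep the buffer NUL-terminated, refuse a line that does not fit instead of truncating it, and wipe the buffer before release. The names (`secret_buf`, `read_secret_line`, `read_secret_noecho`, `selftest`) are mine, the sample input is constructed, and the code assumes a POSIX system with mlock(2), posix_memalign(3) and termios.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <termios.h>
#include <unistd.h>

/* 'locked' records whether mlock() succeeded; RLIMIT_MEMLOCK can refuse it, so check, do not assume. */
struct secret_buf { char *data; size_t size; int locked; };

/* Overwrite through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Page-aligned, zeroed allocation of at least 'want' bytes, then try to lock it. */
static int secret_buf_alloc(struct secret_buf *sb, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    size_t page = pg > 0 ? (size_t)pg : 4096;
    size_t size = (want + page - 1) / page * page;   /* mlock() works on whole pages */
    void *p = NULL;
    if (posix_memalign(&p, page, size) != 0) return -1;
    memset(p, 0, size);
    sb->data = p; sb->size = size;
    sb->locked = (mlock(p, size) == 0);
    return 0;
}

/* Wipe before release; this matters even when the lock was refused. */
static void secret_buf_free(struct secret_buf *sb)
{
    if (sb->data == NULL) return;
    wipe(sb->data, sb->size);
    if (sb->locked) munlock(sb->data, sb->size);
    free(sb->data);
    sb->data = NULL; sb->size = 0; sb->locked = 0;
}

/* Read one line straight into buf, a byte at a time, so no stdio buffer holds a copy. Returns the
 * length without the newline, always NUL-terminated; -1 read error; -2 line too long (drained, wiped). */
static ssize_t read_secret_line(int fd, char *buf, size_t buflen)
{
    size_t n = 0; char c;
    if (buflen == 0) return -1;          /* the buflen == 0 check from the thread */
    for (;;) {
        ssize_t r = read(fd, &c, 1);
        if (r < 0) { if (errno == EINTR) continue; wipe(buf, buflen); return -1; }
        if (r == 0 || c == '\n') break;
        if (n + 1 >= buflen) {           /* keep room for the terminating NUL */
            while (read(fd, &c, 1) == 1 && c != '\n') ;
            wipe(buf, buflen);
            return -2;
        }
        buf[n++] = c;
    }
    buf[n] = '\0';
    return (ssize_t)n;
}

/* TTY case: echo off for the read, settings restored after; on a pipe or socket
 * tcgetattr() fails and the line is simply read. */
static ssize_t read_secret_noecho(int fd, char *buf, size_t buflen)
{
    struct termios saved, quiet;
    int is_tty = (tcgetattr(fd, &saved) == 0);
    if (is_tty) { quiet = saved; quiet.c_lflag &= ~(tcflag_t)ECHO; tcsetattr(fd, TCSAFLUSH, &quiet); }
    ssize_t n = read_secret_line(fd, buf, buflen);
    if (is_tty) tcsetattr(fd, TCSAFLUSH, &saved);
    return n;
}

/* Self-check with constructed input (not a real secret) fed through a pipe, the "some other file
 * descriptor" case. Bit 0: normal read landed in the locked buffer; bit 1: an oversized line was
 * rejected and wiped without disturbing the line after it. 3 means both behaved. */
static int selftest(void)
{
    static const char in[] = "correct horse battery staple\n0123456789\nnext\n";
    int fds[2], ok = 0;
    char small[8];
    struct secret_buf sb;
    if (pipe(fds) != 0 || write(fds[1], in, sizeof in - 1) != (ssize_t)(sizeof in - 1)) return 0;
    close(fds[1]);
    if (secret_buf_alloc(&sb, 256) == 0) {
        if (read_secret_noecho(fds[0], sb.data, sb.size) == 28
            && strcmp(sb.data, "correct horse battery staple") == 0) ok |= 1;
        secret_buf_free(&sb);
    }
    if (read_secret_line(fds[0], small, sizeof small) == -2 && small[0] == '\0'
        && read_secret_line(fds[0], small, sizeof small) == 4 && strcmp(small, "next") == 0) ok |= 2;
    close(fds[0]);
    return ok;
}

int main(void) { printf("selftest: %d (3 = all ok)\n", selftest()); return 0; }
```

Two caveats worth keeping in mind when using this pattern: mlock() only keeps the pages out of swap, it does nothing against a core dump or a debugger attached to the process, so the wipe on release matters as much as the lock; and an unprivileged process may have its mlock() refused by RLIMIT_MEMLOCK, which is why `locked` is reported rather than assumed. The X11 case the mail calls futile is outside what this code covers.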