kernel tty buffers and "cold-boot attacks"

[Matthias Drochner <M.Drochner%fz-juelich.de@localhost>]

When I checked the pam-pwauth_suid module for information
leaks I found that kernel buffers used for IPC keep
sensitive information for longer time too.
Most notably tty buffers, because raw tty devices
are used normally to enter passwords.
In this case, since tty input is processed character by
character anyway, it would not cost much to clear the
buffer out after the reader got the data.
Do you think this is OK?

This could be taken much further, but for sockets we have
encrypted protocols. Remain pipes... don't know whether
something should be done here. Would be easy in
the !PIPE_SOCKETPAIR case.

best regards
Matthias





-------------------------------------------------------------------
-------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich

Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
Dr. Sebastian M. Schmidt
-------------------------------------------------------------------
-------------------------------------------------------------------

#
# old_revision [3b62b39eb19047f96c6d90116b21dd2a273dccbc]
#
# patch "sys/kern/tty_subr.c"
#  from [88d0d72a2e267929607be27be5ef704c1303d874]
#    to [c10c1d8f922303e7235c65e8f531624242bd894d]
#
============================================================
--- sys/kern/tty_subr.c 88d0d72a2e267929607be27be5ef704c1303d874
+++ sys/kern/tty_subr.c c10c1d8f922303e7235c65e8f531624242bd894d
@@ -129,6 +129,7 @@ getc(struct clist *clp)
                        c |= TTY_QUOTE;
 #endif
        }
+       *clp->c_cf = 0;
        if (++clp->c_cf == clp->c_ce)
                clp->c_cf = clp->c_cs;
        if (--clp->c_cc == 0)