tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Zero it if you're going to copy it out.



On Mon, Jun 25, 2012 at 02:16:33PM +0100, Roger Pau Monne wrote:
> 
> Yes, it doesn't hurt to zero memory if returning it to the user. Who
> knows what might be there previously.

I'm sorry, I can't let this go.

This is not a case of "it doesn't hurt" -- it's a case of "it's absolutely
necessary".  It is completely unacceptable to leak the contents of kernel
memory to the user!

Thor


Home | Main Index | Thread Index | Old Index