[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clear text passwords in memory

To: tech_(_at_)_openbsd_(_dot_)_org
Subject: Re: Clear text passwords in memory
From: Jeff Bachtel <sebastion_(_at_)_irelandmail_(_dot_)_com>
Date: Wed, 11 Oct 2000 00:15:40 -0500

All of these asides, while amusing, do not preclude the fact that
these different daemons/clients _should_ be wiping the password memory
space when they are done with the information :) If nothing else, it'd
suck to have a ssh client free'd and have another user's process grab
it, and read the memory (although I don't know much about the
possibility of this)

jeff

> >Root can run a tty watcher and thus see your password as you type
> >it if he/she really wants to.  So yes, Theo is correct.  You can
> >encrypt whatever you like but the fact of the matter is that anything
> >can still be intercepted at the tty level with root privileges.
> 
>      Why go that far. Trojan the stinking binary.
> 
>      -Bob

Prev by Date: Re: Clear text passwords in memory
Next by Date: Ethernet adapter
Previous by thread: Re: Clear text passwords in memory
Next by thread: -current
Index(es):
- Date
- Thread

Visit your host, monkey.org