[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: eww
From: |
Ted Zlatanov |
Subject: |
Re: eww |
Date: |
Fri, 28 Jun 2013 11:12:02 -0400 |
User-agent: |
Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) |
On Fri, 21 Jun 2013 08:58:09 +0200 Lars Magne Ingebrigtsen <address@hidden>
wrote:
LMI> Stefan Monnier <address@hidden> writes:
>> Sounds highly hypothetical. If/when eww can be used to access such
>> sites, maybe we can start worrying, but then even if you don't keep it
>> in live data, the sensitive data may linger around in
>> "garbage/free" memory. If you need to worry about that, you need to
>> worry about a lot more than that.
LMI> It's a matter of how big the attack surface is. Leaving the data in
LMI> easily accessible structures indefinitely is a larger attack surface
LMI> than killing off the buffer where the offending data is.
This seems like a sensible use case for an opaque data type (as I've
proposed before) that offers some guarantees that it's stored and wiped
in a more secure manner than the default.
Ted
- Re: eww, (continued)
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/19
- Re: eww, Christopher Schmidt, 2013/06/19
- Re: eww, Stefan Monnier, 2013/06/19
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/20
- Re: eww, Stefan Monnier, 2013/06/20
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/21
- Re: eww,
Ted Zlatanov <=
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/25
- Re: eww, Daimrod, 2013/06/26
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/26
- Re: eww, Ted Zlatanov, 2013/06/19
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/19
- Re: eww, Ted Zlatanov, 2013/06/19
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/20
- Re: eww, chad, 2013/06/19
- Re: eww, Stefan Monnier, 2013/06/19
- Re: eww, Juri Linkov, 2013/06/19