wk at gnupg
Jun 30, 2009, 3:41 AM
Post #2 of 2
(853 views)
Permalink
|
On Tue, 16 Jun 2009 10:47, simon [at] josefsson said:
> and it suggests to recommend solution is that applications initialize
> libgcrypt, which I don't see how it would work in glibc.
We would need to address a couple of problems. Of course glibc could do
the initialization but only in a standard way without too much secure
memory or with disabled secure memory.
That would lead to problems with applications requiring a different
memory allocator and definitely with FIPS mode.
The best solution I can think about are a modified memory allocator in
glibc to allow setting flags on allocated memory blocks. With such a
feature custom handlers could be invoked from the standard free or
malloc and do whatever they want (i.e clear out that memory or mlock
it). Not an easy change though.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
|
