Re: [SCM] Samba Shared Repository - branch v3-2-test updated -
On Fri, Apr 25, 2008 at 11:36:40AM +0400, Alexander Bokovoy wrote:
> Here we have non-equal behavior. Previously, the mountpassword content
> was zeroed before freeing it due to security reasons. As
Ah. Looking more carefully I am right and you are wrong. There is no
security benefit in zeroing out the password here. It's before a free,
so just free it.
> mount_cifs_usage() could be called multiple times (its call is in the
> getopt_long()'s loop) and, particularly, after password has been filled
> in, mountpassword's memory could still keep the password. Thus, memset()
> is still needed.
So what if the discarded memory holds the password? No one but root
has access to the memory space and root has access to the password.
This is "voodoo" security - has no benefit.