Subject: Re: PROPOSAL: removal of brk()/sbrk().
To: None <tech-kern@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 03/01/2002 00:51:14

On Thu, Feb 28, 2002 at 09:11:21PM -0800, Jason R Thorpe wrote:
> On Fri, Mar 01, 2002 at 06:59:16AM +0200, Lucio De Re wrote:
>
> > Isn't that a security breach?
>
> If an application has sensitive data in a buffer that it's going to
> free, it should clear the buffer itself before actually freeing it.

Just to be clear, if you move the break pointer up and down, you're
just going to get your *own* nonzeroed memory back, not some other
process's. In other words, this is just another form of reusing a buffer
without zeroing it, well-known to be a stupid thing to do unless you
don't care at all about the disclosure of the data that was in the buffer
before.

But really, who moves the break pointer *down*? I'm not sure I've ever
seen code that did that.

--
Thor Lancelot Simon tls@rek.tjls.com
But as he knew no bad language, he had called him all the names of common
objects that he could think of, and had screamed: "You lamp! You towel! You
plate!" and so on. --Sigmund Freud
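
Added example, not part of the original message or of NetBSD's code: a small C program that moves the break up, down and up again with `sbrk()` and counts how many bytes of the earlier contents are still there, with and without clearing the buffer before giving it up. The region size, the `0xA5` marker and the helper names are constructed for the demo; what the unwiped case reports depends on the system it runs on.

```c
#define _DEFAULT_SOURCE           /* expose sbrk() in <unistd.h> */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REGION 64                 /* constructed size for the demo buffer */

/* Zero through a volatile pointer so the stores are not removed as dead. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/*
 * Raise the break, fill the new region with a marker, lower the break,
 * raise it again, and count nonzero bytes in what comes back.
 * Returns -1 if sbrk() fails or the region comes back at another address.
 */
long residue_after_cycle(int wipe_first)
{
    unsigned char *a = sbrk(REGION);
    if (a == (void *)-1)
        return -1;
    memset(a, 0xA5, REGION);      /* constructed stand-in for sensitive data */
    if (wipe_first)
        wipe(a, REGION);          /* clear before giving the memory up */
    if (sbrk(-REGION) == (void *)-1)
        return -1;
    unsigned char *b = sbrk(REGION);
    if (b != a) {
        if (b != (void *)-1)
            sbrk(-REGION);
        return -1;
    }
    long nonzero = 0;
    for (size_t i = 0; i < REGION; i++)
        nonzero += (b[i] != 0);
    wipe(b, REGION);              /* leave nothing behind from the demo */
    sbrk(-REGION);
    return nonzero;
}

int main(void)
{
    printf("nonzero bytes, no wipe:   %ld\n", residue_after_cycle(0));
    printf("nonzero bytes, with wipe: %ld\n", residue_after_cycle(1));
    return 0;
}
```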