Package: manpages-dev
Severity: normal
I was researching ways to securely purge environment variables, e.g.
where they're used to pass credentials. clearenv(3) says in the NOTES
section:

    Used in security-conscious applications.  If it is unavailable the
    assignment

        environ = NULL;

    will probably do.

The implementation in glibc just frees the memory and sets the environ
pointer to NULL. Neither this, nor environ = NULL will actually
overwrite the memory used for the environment, so it's misleading to say
that it's used in security-conscious applications. The environment
needs to be zeroed out in order to be securely cleared.
--
- mdz
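
Added example, not part of the original report and not glibc or man-pages code: one way to zero the environment strings before dropping the pointers, as the report says is needed. The names wipe_env_strings, secure_clearenv, is_all_zero and DEMO_TOKEN are hypothetical, and the code assumes every string reachable from environ is writable (nothing was putenv()'d from a string literal).

```c
#define _GNU_SOURCE                 /* exposes clearenv() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
extern char **environ;

/* Store zeros through a volatile pointer so the writes are not optimised away. */
static void wipe(char *p, size_t n)
{
    for (volatile char *vp = p; n--; vp++)
        *vp = 0;
}

/* Zero every NAME=value string reachable from environ; returns bytes wiped. */
size_t wipe_env_strings(void)
{
    size_t total = 0;
    for (char **e = environ; e != NULL && *e != NULL; e++) {
        size_t len = strlen(*e);
        wipe(*e, len);
        total += len;
    }
    return total;
}

/* Zero the strings first, then drop the pointers with clearenv(). */
int secure_clearenv(void)
{
    wipe_env_strings();
    return clearenv();
}

/* Returns 1 if the n bytes at p are all zero. */
int is_all_zero(const char *p, size_t n)
{
    while (n--)
        if (*p++ != 0) return 0;
    return 1;
}

int main(void)
{
    setenv("DEMO_TOKEN", "constructed-secret", 1);  /* constructed sample value */
    char *p = getenv("DEMO_TOKEN");
    size_t n = strlen(p), wiped = wipe_env_strings();
    int zeroed = is_all_zero(p, n);                 /* checked before clearenv() */
    printf("wiped=%zu zeroed=%d rc=%d\n", wiped, zeroed, secure_clearenv());
    return 0;
}
```

This only reaches the strings environ points to at the time of the call; values replaced earlier by setenv(), or copied elsewhere by the program, are not touched.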