Zero out the spwd structure and the calculated password. This time using explicit_bzero.
>From 94c271d60120f398b0d50e3258c50b237c9d6b7b Mon Sep 17 00:00:00 2001
From: Jakob Kramer <jakob.kra...@gmx.de>
Date: Wed, 30 Apr 2014 14:15:26 +0200
Subject: [PATCH] su: zero out encrypted passwords
---
 su.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/su.c b/su.c
index d51b1ae..7720c60 100644
--- a/su.c
+++ b/su.c
@@ -86,6 +86,8 @@ main(int argc, char *argv[])
 if (strcmp(cryptpass, spw->sp_pwdp) != 0)
 eprintf(randreply());
+ explicit_bzero(cryptpass, strlen(cryptpass));
+ explicit_bzero(spw, sizeof *spw);
 }
 errno = 0;
-- 
1.8.5.1
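Review bot: `explicit_bzero(spw, sizeof *spw)` clears only the fields of the `struct spwd`, which for `sp_pwdp` means the pointer and not the hash string it points to, so the stored hash named in the subject line stays in process memory. Wipe the string before the struct: `explicit_bzero(spw->sp_pwdp, strlen(spw->sp_pwdp));` followed by the existing `explicit_bzero(spw, sizeof *spw);`. The mismatch path through `eprintf(randreply())` presumably exits before either wipe runs, which matters if a core dump can be taken at that point. Whether `cryptpass` is checked for NULL before the `strcmp` and the new `strlen` cannot be seen here, because `main` starts and continues outside the hunk.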