Usage of memset to eradicate string content

Arnaud Versini arnaud.versini at gmail.com
Sat Aug 25 06:25:42 PDT 2012 

I posted a first patch to remove the string anhnilation inside the PDF
import. Better idea to remove this now instead of replacing rtl_zeroMemory
by a memset and remove it. So could you review it, I'm not sure if I can
modify pdf import now or if we want to import modification from Apache.

https://gerrit.libreoffice.org/#/c/489/

Thanks in advance

I plan to propose a string implementation with memory erasure during the
string destruction and with memory locking in RAM if it can be useful.

2012/8/24 Michael Stahl <mstahl at redhat.com>

> On 24/08/12 12:53, Caolán McNamara wrote:
> > On Thu, 2012-08-23 at 21:00 +0200, Arnaud Versini wrote:
> >> Hi everyone,
> >>
> >> I noticed in the code some annihilation of O[U]String content by using
> >> memset or rtl_zeroMemory directly on the content as a password
> >> security. It breaks encapsulation and the string immutability, not so
> >> good. I think there is four possibilities, in order of my personal
> >> preference ;-) :
> >>      1. Don't eradicate the string content, the content remain in RAM
> >>         until the string deletion and a new allocation of the area
> >
> > So, looking at the code that "trashes" the password it doesn't make a
> > whole pile of sense to me. There's a OUString which is converted to a
> > OString, and the OString is then mangled with a
> > rtl_zeroMemory((void*)foo.getStr(), foo.getLength()) after use, but the
> > original OUString remains. So only the copy gets mangled, not the
> > original.
>
> well clearly that _is_ just security theater  :)
>
> > Best IMO to remove the Zeroing. If we want to do this sort of stuff,
> > we'd really need a single secure password class kind of thing, and use
> > it consistently, rather than arbitrarily butchering the occasional
> > OString.
>
> agreed (see my other mail from yesterday for details).
>
>
> _______________________________________________
> LibreOffice mailing list
> LibreOffice at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/libreoffice
>



-- 
Arnaud Versini
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20120825/5c24fabe/attachment-0001.html>

More information about the LibreOffice mailing list