[PATCH] memset_s() and talloc_set_secure()
Jeremy Allison
jra at samba.org
Wed Mar 27 15:48:45 UTC 2019
On Wed, Mar 27, 2019 at 08:47:05AM -0700, Jeremy Allison via samba-technical wrote:
> On Wed, Mar 27, 2019 at 11:51:59AM +0100, Andreas Schneider wrote:
> > On Wednesday, March 27, 2019 3:42:58 AM CET Jeremy Allison wrote:
> > > On Wed, Mar 27, 2019 at 02:13:17PM +1300, Andrew Bartlett via samba-
> > technical wrote:
> > > > All I can say is we had an agreed approach, and we have reviewed
> > > > patches but now we are back in the weeds.
> > >
> > > Well let's get more data first on the costs of the flag
> > > approach. If it's costly, then refusing it is clear.
> > >
> > > If it's cheap, then we should look more carefully
> > > at the flag approach because Simo's security arguments
> > > are valid (IMHO).
> > >
> > > Don't want extra complexity we have to pay for if
> > > it's not going to be used, but marking memory as
> > > 'sensitive' does seem to be a feature that will get
> > > used (as we handle security-sensitive data inside
> > > Samba quite a bit).
> >
> > Just to be clear and to avoid double work, you will work on the performance
> > test?
>
> Not immediately. I have some ideas on how it needs
> doing, but I'm not going to be able to get to this
> soon.
If you want this in immediately, take Andrews RB+
and push, and let's make the flag mechanism a future
enhancement.
More information about the samba-technical
mailing list