From: Daniel Colascione
Subject: Re: lexbind: how to replace lexical-let approach to hide secrets
Date: Wed, 30 Mar 2011 15:29:12 -0700
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

On 3/30/2011 2:56 PM, David Kastrup wrote:
> Stefan Monnier <address@hidden> writes:
>> When lexical-binding is set:
>>
>>     (let ((data "my secret")) (lambda () data))
>>
>> returns something like
>>
>>     (closure ((data . "my secret") t) () data)
>>
>> If you want to hide the value, then use:
>>
>>     (let ((data (let ((sym (make-symbol "foo")))
>>                   (set sym "secret")
>>                   sym)))
>>       (lambda () (symbol-value data)))
>>
>> which is similar to what lexical-let ends up doing.
>
> All of which, by necessity, contain the necessary material to get at the secret in the bytecode/closure/funcell. Where, of course, it is reasonably easy to retrieve it. And that is actually overkill, since you can always just call that closure. Anybody care to tell me what the point of this exercise is actually supposed to be?

The idea is to prevent secrets being accidentally revealed in backtraces, lisp evaluation results, and so on.
By the way: I didn't notice any secret erasure code in auth-source.el. Shouldn't someone somewhere do something like this? I didn't see anything in alloc.c that looks like it'd clear an object's bytes upon deallocation.

    (defun secure-erase-secret (my-secret)
      (dotimes (i (length my-secret))
        (setf (aref my-secret i) 0)))
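
Added example, not part of the original message or of Emacs's own code: it contrasts the printed form of the two closures discussed in the thread and then erases the secret in place with the built-in `clear-string`. The `demo-*` names and the secret value are constructed for illustration, and the code assumes it is loaded from a file with lexical binding enabled.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added example. All demo-* names are hypothetical; the secret is constructed.

(defun demo-plain-closure (secret)
  "Return a closure that captures SECRET directly in its environment."
  (lambda () secret))

(defun demo-indirect-closure (secret)
  "Return a closure that captures an uninterned symbol whose value is SECRET."
  (let ((sym (make-symbol "foo")))
    (set sym secret)
    (lambda () (symbol-value sym))))

(defun demo-printed-leaks-p (fn secret)
  "Return t if the printed representation of FN contains SECRET.
This models a backtrace or an evaluation result that prints the function object."
  (and (string-match-p (regexp-quote secret) (prin1-to-string fn)) t))

(defun demo-run ()
  "Compare both closures, then erase the secret in place."
  (let* ((secret (copy-sequence "my secret")) ; fresh, mutable string
         (plain (demo-plain-closure secret))
         (indirect (demo-indirect-closure secret)))
    ;; Printing the plain closure prints its captured string.
    (message "plain closure leaks when printed:    %s"
             (demo-printed-leaks-p plain secret))
    ;; Printing the indirect closure prints only the symbol's name,
    ;; because the printer does not follow a symbol to its value.
    (message "indirect closure leaks when printed: %s"
             (demo-printed-leaks-p indirect secret))
    ;; Calling either closure still returns the secret; the indirection
    ;; only guards against accidental printing.
    (message "both closures return the same object: %s"
             (eq (funcall plain) (funcall indirect)))
    ;; Overwrite the string's contents. Only this string object is cleared;
    ;; copies made elsewhere (concat, kill ring, buffers) are untouched.
    (clear-string secret)
    (message "closure now returns only NUL bytes:  %s"
             (string= (funcall plain) (make-string (length secret) 0)))))

(demo-run)
```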