emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: eww


From: Ted Zlatanov
Subject: Re: eww
Date: Fri, 28 Jun 2013 11:12:02 -0400
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Fri, 21 Jun 2013 08:58:09 +0200 Lars Magne Ingebrigtsen <address@hidden> 
wrote: 

LMI> Stefan Monnier <address@hidden> writes:
>> Sounds highly hypothetical.  If/when eww can be used to access such
>> sites, maybe we can start worrying, but then even if you don't keep it
>> in live data, the sensitive data may linger around in
>> "garbage/free" memory.  If you need to worry about that, you need to
>> worry about a lot more than that.

LMI> It's a matter of how big the attack surface is.  Leaving the data in
LMI> easily accessible structures indefinitely is a larger attack surface
LMI> than killing off the buffer where the offending data is.

This seems like a sensible use case for an opaque data type (as I've
proposed before) that offers some guarantees that it's stored and wiped
in a more secure manner than the default.

Ted




reply via email to

[Prev in Thread] Current Thread [Next in Thread]