[Python-ideas] Secure string disposal (maybe other inmutable seq types too?)
Ezequiel Brizuela [aka EHB or qlixed]
qlixed at gmail.com
Sat Jun 23 15:55:07 EDT 2018
El sáb., 23 de jun. de 2018 10:58, Stephan Houben <stephanh42 at gmail.com>
escribió:
> Would it not be much simpler and more secure to just disable core dumps?
>
> /etc/security/limits.conf on Linux.
>
> If the attacker can cause and read a core dump, the game seems over anyway
> since sooner or later he will catch the core dump at a time the string was
> not yet deleted.
>
Thing is that this could be leaked in other ways, not just on a core.
Additiinally there is the case when you need a core to debug the issue, you
could be sharing sensitive info without knowing it.
Also is not always an option disabling core generation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20180623/70d6aa16/attachment-0001.html>
More information about the Python-ideas
mailing list