[illumos-Developer] Proposal: Add memory clearing allocator to libnvpair

Albert Lee trisk at opensolaris.org
Thu Jan 27 21:10:47 PST 2011 

On Wed, Jan 26, 2011 at 7:52 PM, Samuel Younge
<Samuel.Younge at holyroyal.com> wrote:
>
> It seems a bit troubling that nvlist_xalloc is accepting nvl as a reference rather than a value, but I cannot access my code base at the moment to be sure of this. What are your thoughts? Although, I like your intention of not leaving passwords pins key etc. hanging about.
>

Why is that troubling? The variable is uninitalised and the purpose of
nvlist_xalloc is to perform the assignment.

-Albert

>
>
> On Jan 26, 2011, at 13:42, Jason King <jason.brian.king at gmail.com> wrote:
>
>> Something that's hopefully minor and not controversial.  I was
>> planning to do this for the work I'm doing with the IKEv2 support, but
>> figured it's probably generally enough useful to live outside of it.
>>
>> The libnvpair library (userland) normally uses the malloc/free
>> commands for its memory requirements.  It also specifies a pluggable
>> allocator interface for use with the nvlist_xalloc(3nvpair) and
>> nvlist_xdup(3nvpair) function.  I would like to propose to add to
>> libnvpair an allocator that zeros out the memory when allocated and
>> freed.  This would be useful in situations where nvlists may contain
>> sensitive information such as passwords/pins/keys/etc.
>>
>> Specifically, add to libnvpair.h
>>
>> extern nv_alloc_t *nv_alloc_zero;
>>
>> Programs can then use (return codes elided for clarity):
>>
>> nvlist_t *nvl;
>> int flags = ...; /* NV_UNIQUE_NAME, NV_UNIQUE_NAME_TYPE or 0 */
>>
>> nvlist_xalloc(&nvl, flags, nv_alloc_zero);
>> ...
>> add/remove data from nvlist
>> ...
>> nvlist_free(nvl);
>>
>> And the memory used will be zeroed out before being returned to the
>> system via free(3c).
>>
>> _______________________________________________
>> Developer mailing list
>> Developer at lists.illumos.org
>> http://lists.illumos.org/m/listinfo/developer
>
>
>
> _______________________________________________
> Developer mailing list
> Developer at lists.illumos.org
> http://lists.illumos.org/m/listinfo/developer
>

More information about the Developer mailing list