Except for the possibility of somebody breaking in and gaining root privileges I do not fear of (legitimate) root users stealing confidential data. I'm just concerned with the lack of possibility to overwrite string of characters to remove it's contents from memory and make my program more secure.
This program is running as daemon and since it's pretty stable (POE rocks) and does not leak memory it does not get restarted too often. It's the fact that it leaves the trail of it's confidential parameters in memory and that I cannot do anything about it that worries me.
Can I file it as a bug report? :)
Having wipe() in Perl would fix my problem and greatly improved Perl's useability in security related applications. Or having some keyword that would mark variable wipeable by the GC when the data is being released.
I'm looking forward to write userspace filesystem drivers in Linux using Perl, but I would not approach such thing without having means to destroy unwanted confidential data.
|