From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <64e8486ec1051d40af1647708f747d0b@plan9.bell-labs.com>
From: David Presotto <presotto@plan9.bell-labs.com>
To: arwbutch@attbi.com, 9fans@cse.psu.edu
Subject: Re: [9fans] securing memory during password processing
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Date: Mon, 30 Dec 2002 10:08:33 -0500
Topicbox-Message-UUID: 3a0b627a-eacb-11e9-9e20-41e7f4b1d025

The problem is that there is no `end' should the system be reset.  When
the reset button gets hit, its all over.  The next boot could be a system
specially designed by the attacker.  This is especially relevant for
plan 9, since a typical way to shut down for people with diskless
machines it to just reset the machine.

However, it would be wise to zero memory should someone hit ctl-alt-del
or ^t^tr.  That's probably the most used scenario for bringing down the
system.  Factotum itself doesn't really exit and isn't killable but
it would be nice if the kernel wipes any memory of any programs with
'private' set (i.e. those that have made themselves undebuggable by
other processes) should the program exit.