This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
fopen mode for buffer clearing
- From: Florian Weimer <fweimer at redhat dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>
- Date: Thu, 13 Apr 2017 11:41:24 +0200
- Subject: fopen mode for buffer clearing
We used to use mmap for the internal FILE * buffer. This had the side
effect that after fclose, the data in the buffer may not be gone from
the system as a whole, but it will definitely not be part of the address
space of the process anymore. This is desirable if the stdio stream
functions are used to process sensitive data because it reduces the risk
of leaks.

Would it make sense to add an fopen mode flag to indicate that the
implementation should clear the buffer (with explicit_bzero) before
deallocating it? This would also apply to reallocating buffers in getline.

Thanks,
Florian
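
An application-side approximation of the behaviour the message asks for, as an added example (not glibc code and not from the original post): the caller supplies the stream buffer with setvbuf and clears it with explicit_bzero after fclose. The helper name, the buffer size, the `/dev/null` sink and the sample secret are assumptions made for the demonstration.

```c
#define _DEFAULT_SOURCE /* exposes explicit_bzero in <string.h> (glibc >= 2.25) */
#include <stdio.h>
#include <string.h>

#define SBUF_SIZE 4096

/* Return 1 if the n-byte pattern pat occurs anywhere in buf[0..len). */
static int contains(const char *buf, size_t len, const char *pat, size_t n)
{
    for (size_t i = 0; n > 0 && i + n <= len; i++)
        if (memcmp(buf + i, pat, n) == 0)
            return 1;
    return 0;
}

/* Hypothetical helper (name is an assumption): write `secret` through a
 * stream whose buffer the caller owns, close it, optionally wipe the buffer,
 * and report whether the secret can still be found there.
 * Returns 1 = residue found, 0 = clean, -1 = I/O error. */
int secret_residue_after_fclose(const char *secret, int wipe)
{
    static char sbuf[SBUF_SIZE];          /* must outlive the stream */
    int rc = -1;

    memset(sbuf, 0, sizeof sbuf);         /* start clean on every call */
    FILE *fp = fopen("/dev/null", "w");   /* constructed sink for the demo */
    if (fp == NULL)
        return -1;
    /* setvbuf must precede any other operation on the stream. */
    if (setvbuf(fp, sbuf, _IOFBF, sizeof sbuf) == 0 && fputs(secret, fp) != EOF)
        rc = 0;
    if (fclose(fp) != 0)                  /* flushes, but does not clear sbuf */
        rc = -1;
    if (rc == 0 && !wipe)
        return contains(sbuf, sizeof sbuf, secret, strlen(secret));
    explicit_bzero(sbuf, sizeof sbuf);    /* unlike memset, never elided */
    return rc == 0 ? contains(sbuf, sizeof sbuf, secret, strlen(secret)) : -1;
}

int main(void)
{
    const char *s = "constructed-secret-0123456789";  /* constructed sample */
    printf("residue without wipe: %d\n", secret_residue_after_fclose(s, 0));
    printf("residue with wipe:    %d\n", secret_residue_after_fclose(s, 1));
    return 0;
}
```

This only covers the stream buffer. When getline grows its line buffer, the old copy is released inside the library, so the caller has no chance to clear it.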