Re: [evolution-patches] small patch for security

From: Not Zed <notzed ximian com>
To: Jeffrey Stedfast <fejj ximian com>
Cc: evolution-patches lists ximian com
Subject: Re: [evolution-patches] small patch for security
Date: Sat, 10 Jul 2004 09:22:03 +0800

Possible, but it would be better to be optional since it isn't free. Actually now i think about it it should have been a camel-object property. That way it could be propagated to related objects.

On Fri, 2004-07-09 at 12:05 -0400, Jeffrey Stedfast wrote:

Looks good. I wonder if we might just always want to clear memory used
by camel for certain objects all the time tho? CamelMimeFilter could
just always clear the backup buffer and such. We could walways clear
memstream objects, etc.

I dunno, just a thought.

Jeff

On Fri, 2004-07-09 at 13:19 +0800, Not Zed wrote:
> 
> As the comment says, this doesn't really make a huge security
> difference, but provides a first-level attempt, and the start of an
> api for it.
> 
> It Just munges memory of decrypted parts after we're finished with
> them, rather than leaving the data around in memory for bugs to
> potentially expose the data.  Of course this doesn't affect any
> mimefilters or gtkhtml data either ...
> 
> (i left the other outstanding camel bug in the diff 'cause i'm lazy)
> 
> -- 
> 
> Michael Zucchi <notzed ximian com>
> 
> Novell's Evolution and Free
> Software Developer

Michael Zucchi <notzed ximian com>

Novell's Evolution and Free Software Developer

References:
- [evolution-patches] small patch for security
  - From: Not Zed
- Re: [evolution-patches] small patch for security
  - From: Jeffrey Stedfast

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]