Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 14 Mar 2011 03:56:06 -0400
From: Andrew Clausen <clausen@...n.upenn.edu>
To: Pierre Joye <pierre.php@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: announcing libwipe

Hi Pierre,

Thanks for your kind email.

My (limited) understanding of GPL3 is that something like LD_PRELOAD
usage would be more or less unrestricted.

On the other hand, I guess this is an unclear legal issue, and
releasing under the LGPL would be adequate for my goal of requiring
improvements to the library to be free.  How does this sound?

Cheers,
Andrew

On 13 March 2011 19:13, Pierre Joye <pierre.php@...il.com> wrote:
> hi,
>
> I like this idea, and could be very useful especially in massive
> shared environment (as in lot of users sharing a server, like web
> servers for example).
>
> My only concern right now is the choice of the gplv3, which is a no go
> for many projects, especially for a library. Any chance to release it
> under a more permissive or non viral license like bsd or MIT?
>
> ps: that's not a license FUD, only a question (before I got shot :).
>
> Cheers,
>
> On Sat, Mar 12, 2011 at 7:29 AM, Andrew Clausen <clausen@...n.upenn.edu> wrote:
>> Hi all,
>>
>> I have written a program called "libwipe" for GNU/Linux to wipe memory
>> as soon as it is not being used.  I am releasing it under the GPL3
>> licence, and you can download it here:
>>
>> http://www.econ.upenn.edu/~clausen/computing/libwipe.tar.gz
>>
>> Any suggestions are appreciated.  In particular, I would like feedback on
>> * which memory mappings should be erased on exit
>> * which project this could be included in (secure-delete?)
>>
>> OVERVIEW
>>
>> This library is designed to make programs respect users' privacy by wiping
>> information when it is no longer needed.  It does not require any modifications
>> to the original programs.  To use it for all programs in a single shell
>> session, set the LD_PRELOAD environment variable with the shell command
>>
>>        export LD_PRELOAD=/usr/local/lib/libwipe.so
>>
>> To use it system-wide, add /usr/local/lib/libwipe.so to the /etc/ld.so.preload
>> configure file.
>>
>> The program uses two mechanisms:
>> (1) when memory is deallocated with free(3), it is zeroed out.
>> (2) when the process terminates, the entire memory is zeroed out.
>>
>> Cheers,
>> Andrew
>>
>
>
>
> --
> Pierre
>
> @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.