|
Message-ID: <AANLkTintscsOj1Z0RTrCVUhL+bb3HCQxR5Cmkf0oRj-w@mail.gmail.com> Date: Mon, 14 Mar 2011 03:56:06 -0400 From: Andrew Clausen <clausen@...n.upenn.edu> To: Pierre Joye <pierre.php@...il.com> Cc: oss-security@...ts.openwall.com Subject: Re: announcing libwipe Hi Pierre, Thanks for your kind email. My (limited) understanding of GPL3 is that something like LD_PRELOAD usage would be more or less unrestricted. On the other hand, I guess this is an unclear legal issue, and releasing under the LGPL would be adequate for my goal of requiring improvements to the library to be free. How does this sound? Cheers, Andrew On 13 March 2011 19:13, Pierre Joye <pierre.php@...il.com> wrote: > hi, > > I like this idea, and could be very useful especially in massive > shared environment (as in lot of users sharing a server, like web > servers for example). > > My only concern right now is the choice of the gplv3, which is a no go > for many projects, especially for a library. Any chance to release it > under a more permissive or non viral license like bsd or MIT? > > ps: that's not a license FUD, only a question (before I got shot :). > > Cheers, > > On Sat, Mar 12, 2011 at 7:29 AM, Andrew Clausen <clausen@...n.upenn.edu> wrote: >> Hi all, >> >> I have written a program called "libwipe" for GNU/Linux to wipe memory >> as soon as it is not being used. I am releasing it under the GPL3 >> licence, and you can download it here: >> >> http://www.econ.upenn.edu/~clausen/computing/libwipe.tar.gz >> >> Any suggestions are appreciated. In particular, I would like feedback on >> * which memory mappings should be erased on exit >> * which project this could be included in (secure-delete?) >> >> OVERVIEW >> >> This library is designed to make programs respect users' privacy by wiping >> information when it is no longer needed. It does not require any modifications >> to the original programs. To use it for all programs in a single shell >> session, set the LD_PRELOAD environment variable with the shell command >> >> export LD_PRELOAD=/usr/local/lib/libwipe.so >> >> To use it system-wide, add /usr/local/lib/libwipe.so to the /etc/ld.so.preload >> configure file. >> >> The program uses two mechanisms: >> (1) when memory is deallocated with free(3), it is zeroed out. >> (2) when the process terminates, the entire memory is zeroed out. >> >> Cheers, >> Andrew >> > > > > -- > Pierre > > @pierrejoye | http://blog.thepimp.net | http://www.libgd.org >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.