This has been discussed in the past, and it was considered to be hard. But I'm still not convinced it's impossible, and would like to spend some more energy discussing.

The motivation for the hammer method would be: "Independence of memory leaks". Yes, memory leaks are bad, but I think it's very hard to make software 100% leak free. We still suffer from the problem that profile switching at runtime is not possible.

I would like to propose a possible approach and hear your opinion.

Part 1)
=======

NSS has global static data. This global static data is initialized at the time the application starts. I suggest NSS should never modify that global static data. Instead, as part of its init logic, it could copy what's needed, either immediately or when it's needed. When a shutdown is requested, NSS could remove all its copies and return to the clean environment it had on initial load. If this results in any global data now being orphan data, I think that's acceptable.

Part 2)
=======

Data still hanging around in memory. I think the only serious data is private keys. I don't know whether private keys are actually being kept around in memory, but in case they are, I'd suggest the following approach:

- keep a list of all memory areas containing private keys
- after doing the shutdown, after the cleanup, if there are still entries, just zero fill all those blocks, which makes sure we won't crash, but nobody will be able to use that data

Part 3)
=======

Tokens that are being accessed. If we're not doing that yet, the hammer shutdown could iterate over all known tokens and log them out. In addition, I'd hope there is a pkcs#11 function that can be used to unload/reset any present driver?

The question is: By doing all of the above, would that make a hammer shutdown possible?
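The three parts of the proposal above, as an added C example that is not NSS code and not part of the original comment. It models Part 1 with a static module table that is only ever copied, Part 2 with a registry of buffers holding key material that is zeroed (but, as the comment suggests, not freed) on shutdown so stale pointers cannot crash or yield key bytes, and Part 3 with a hypothetical per-token logged-in flag standing in for the per-session C_Logout and module C_Finalize calls that PKCS#11 actually provides. All function and table names (hammer_init, secret_alloc, module_set, and so on) are assumptions for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Part 1: static data that is never modified in place. (Hypothetical table.) */
static const char *const k_static_modules[] = { "softoken", "builtin-roots" };
#define NUM_MODULES (sizeof k_static_modules / sizeof k_static_modules[0])
static char *g_modules[NUM_MODULES]; /* working copy; NULL when shut down */

/* Part 2: registry of memory areas containing private key material. */
#define MAX_SECRET_AREAS 64
struct secret_area { unsigned char *ptr; size_t len; };
static struct secret_area g_secrets[MAX_SECRET_AREAS];
static size_t g_nsecrets;

/* Part 3: tokens we know about (stand-in for PKCS#11 sessions). */
#define MAX_TOKENS 8
static int g_token_logged_in[MAX_TOKENS];

/* Zeroing the compiler cannot elide: every store goes through a volatile
 * pointer. explicit_bzero/memset_s do the same but are not portable. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Init copies the static table so runtime code only touches the copy.
 * Returns 0 on success, -1 on allocation failure (partial work is undone). */
int hammer_init(void)
{
    for (size_t i = 0; i < NUM_MODULES; i++) {
        size_t n = strlen(k_static_modules[i]) + 1;
        g_modules[i] = malloc(n);
        if (!g_modules[i]) {
            while (i--) { free(g_modules[i]); g_modules[i] = NULL; }
            return -1;
        }
        memcpy(g_modules[i], k_static_modules[i], n);
    }
    g_nsecrets = 0;
    return 0;
}

/* Runtime mutation goes to the copy, never to k_static_modules. */
int module_set(size_t i, const char *name)
{
    if (i >= NUM_MODULES || !g_modules[i]) return -1;
    char *dup = malloc(strlen(name) + 1);
    if (!dup) return -1;
    strcpy(dup, name);
    free(g_modules[i]);
    g_modules[i] = dup;
    return 0;
}

const char *module_name(size_t i) { return i < NUM_MODULES ? g_modules[i] : NULL; }

/* Allocate a key buffer and record it; NULL if full or out of memory. */
unsigned char *secret_alloc(size_t n)
{
    if (g_nsecrets >= MAX_SECRET_AREAS) return NULL;
    unsigned char *p = malloc(n);
    if (!p) return NULL;
    g_secrets[g_nsecrets].ptr = p;
    g_secrets[g_nsecrets].len = n;
    g_nsecrets++;
    return p;
}

/* Normal release path: zero, free, and drop from the registry. */
void secret_free(unsigned char *p)
{
    for (size_t i = 0; i < g_nsecrets; i++) {
        if (g_secrets[i].ptr == p) {
            secure_zero(p, g_secrets[i].len);
            free(p);
            g_secrets[i] = g_secrets[--g_nsecrets]; /* swap last into hole */
            return;
        }
    }
}

/* True when every byte of p[0..n) is zero; used to verify the hammer. */
int secret_is_zeroed(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

void token_login(int idx) { if (idx >= 0 && idx < MAX_TOKENS) g_token_logged_in[idx] = 1; }
int token_is_logged_in(int idx) { return idx >= 0 && idx < MAX_TOKENS && g_token_logged_in[idx]; }

/* Hammer shutdown: leaked key buffers are zeroed but NOT freed, so a stale
 * pointer still reads valid (all-zero) memory; every token is logged out;
 * the working copy is discarded so the static data is pristine again.
 * Returns how many leaked buffers had to be zeroed. */
size_t hammer_shutdown(void)
{
    size_t leaked = g_nsecrets;
    for (size_t i = 0; i < g_nsecrets; i++)
        secure_zero(g_secrets[i].ptr, g_secrets[i].len);
    g_nsecrets = 0;
    for (int t = 0; t < MAX_TOKENS; t++) g_token_logged_in[t] = 0;
    for (size_t i = 0; i < NUM_MODULES; i++) { free(g_modules[i]); g_modules[i] = NULL; }
    return leaked;
}
```

The return value of hammer_shutdown is the leak count the comment wants to tolerate rather than fix: a non-zero value in a debug build points at the caller that forgot secret_free, while in a release build the zero fill already removed the key bytes from the process image.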
I'm no longer requesting this feature, I understand it's difficult. Suggesting WONTFIX.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → WONTFIX