From owner-freebsd-security Tue Oct 14 21:57:52 1997
Date: Tue, 14 Oct 1997 23:39:10 -0000 (GMT)
From: Chris Dillon
To: Wes Peters
Cc: security@FreeBSD.ORG, Terry Lambert
Subject: Re: C2 Trusted FreeBSD?
In-Reply-To: <199710141601.KAA10425@obie.softweyr.ml.org>
X-Mailer: XFMail 1.1 [p0] on FreeBSD

On 14-Oct-97 Wes Peters wrote:
> Terry Lambert writes:
> > > > > Basically, we need to purge all memory when it is allocated, or
> > > > > deallocated.
> > > >
> > > > yah, when we release something back into a system, we have to
> > > > bzero() the contents, or something similar.
> > >
> > > This is interesting. Can you give a small sample program for
> > > accessing data from another program? As far as I know, pages are
> > > either filled from a swap store (and contain data accessible to you)
> > > or zero-filled; I can't think of a way (off the top of my head) to
> > > make this not true.
>
> There are no incidences in which pages are returned to you with previous
> random cruft left in them?
>
> And besides, zero-filling memory isn't sufficient, it has to be
> overwritten a number of times to make sure no residual information can
> be obtained. These standards date back to core and even mercury-wire
> memory. Yes, I've actually worked with computers that feature *both* in
> my career. ;^)

"Sanitizing" the memory we use today would ONLY be required of permanent storage mediums (only magnetic types come to mind, though this probably applies to the optical-rewritable stuff too). The RAM in our systems would not require this and therefore would be an absolute waste of CPU. The RAM we use consists of either capacitors (dynamic) or transistors (static), both of which lose their data entirely and instantly upon loss of power, not to mention that once you flip a bit, there's no way in hell to tell its previous state, even while power is still applied. (Unlike magnetic mediums, where they use some kind of electronic black-magic or sorcery to figure out the last 10 give-or-take 5 writes to a single transition cell... I think IBM did this, didn't they?)

The point is, if someone stole your SIMMs out of your BOX to try and steal data from them, they're out of luck. If they steal what you THINK is a totally blank hard drive or floppy disk that you previously wrote sensitive data to, think again. This is why it is standard policy in some places for drives that went south to not just be thrown away, but completely destroyed with a sledge-hammer. :-)

--- Chris Dillon --- cdillon@tri-lakes.net ---
Powered by FreeBSD, the best free OS on the planet ---- (http://www.freebsd.org)
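As an added illustration of the purge-on-deallocate policy debated in the thread above (example code written for this archive page, not from the thread's participants or from FreeBSD): a toy fixed-size pool allocator run once without and once with zeroing on release, showing that the second allocation sees the first one's data unless the block was cleared. The names pool_init, pool_alloc, pool_free and secret_survives are hypothetical.

```c
/* Added example, not from the thread: a toy fixed-size block pool that can
 * optionally clear blocks on release, illustrating the "purge on deallocate"
 * policy discussed above. All names here are hypothetical. */
#include <string.h>
#include <stdint.h>

#define BLOCK_SIZE 64
#define NBLOCKS    4

struct pool {
    uint8_t mem[NBLOCKS][BLOCK_SIZE];
    int     in_use[NBLOCKS];
    int     scrub_on_free;   /* 1: zero a block when it is released */
};

static void pool_init(struct pool *p, int scrub_on_free) {
    memset(p, 0, sizeof *p);
    p->scrub_on_free = scrub_on_free;
}

/* First-fit: hands out the lowest free block without touching its contents,
 * like an allocator that leaves initialization to the caller. */
static void *pool_alloc(struct pool *p) {
    for (int i = 0; i < NBLOCKS; i++)
        if (!p->in_use[i]) { p->in_use[i] = 1; return p->mem[i]; }
    return NULL;
}

static void pool_free(struct pool *p, void *blk) {
    int i = (int)(((uint8_t *)blk - &p->mem[0][0]) / BLOCK_SIZE);
    if (p->scrub_on_free)
        memset(blk, 0, BLOCK_SIZE);   /* the bzero()-on-release policy */
    p->in_use[i] = 0;
}

/* One "program" writes a secret and releases its block; a second allocation
 * from the same pool then reads it. Returns 1 if the secret is still there. */
static int secret_survives(int scrub_on_free) {
    static const char secret[] = "CONSTRUCTED-SAMPLE-SECRET";  /* constructed */
    struct pool p;
    pool_init(&p, scrub_on_free);
    char *a = pool_alloc(&p);
    memcpy(a, secret, sizeof secret);
    pool_free(&p, a);
    const char *b = pool_alloc(&p);   /* gets block 0 back, uncleared if no scrub */
    return memcmp(b, secret, sizeof secret) == 0;
}
```

Without scrubbing, secret_survives(0) returns 1; with scrubbing on release, secret_survives(1) returns 0.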