Message-Id: <199710132150.WAA16921@monoid.cs.tcd.ie>
To: Brian Mitchell
cc: freebsd-security@FreeBSD.ORG
Subject: Re: C2 Trusted FreeBSD?
In-reply-to: Message from Brian Mitchell dated today at 17:15.
Date: Mon, 13 Oct 1997 22:50:26 +0100
From: Colman Reilly

> This is defined as follows:
> "All authorizations to the information contained within a storage object
> shall be revoked prior to initial assignment, allocation or reallocation
> to a subject from the TCB's pool of unused storage objects. No
> information, including encrypted representations of information, produced
> by a prior subject's actions is to be available to any subject that
> obtains access to an object that has been released back to the system."
>
> Basically, we need to purge all memory when it is allocated, or
> deallocated.
> yah, when we release something back into a system, we have to bzero() the contents, or something similar.

Well, no we need to ensure that they're zeroed before anyone else gets them. How much does bzero() cost?
I was wondering if it would be more efficient to do a background garbage collector style thing that would zero things in idle time and would only zero stuff on demand if it hadn't been cleared.

Colman
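
An added sketch of the scheme discussed in this message (not code from the thread or from FreeBSD): release only marks a block dirty, an idle-time scrubber zeroes dirty blocks, and allocation zeroes on demand when the scrubber has not reached the block yet. The fixed pool and the names `blk_alloc`, `blk_free` and `idle_scrub` are hypothetical, and `memset()` stands in for `bzero()`.

```c
#include <stdio.h>
#include <string.h>

#define NBLOCKS 4
#define BLKSZ   64

/* Hypothetical pool standing in for the TCB's unused storage objects. */
static unsigned char pool[NBLOCKS][BLKSZ];
static enum { FREE_CLEAN, FREE_DIRTY, IN_USE } state[NBLOCKS]; /* starts all-zero: FREE_CLEAN */
static unsigned demand_zeroes, idle_zeroes;

/* Allocate: prefer a pre-zeroed block; zero on demand only if none is clean. */
void *blk_alloc(void) {
    int pick = -1;
    for (int i = 0; i < NBLOCKS; i++) {
        if (state[i] == FREE_CLEAN) { pick = i; break; }
        if (state[i] == FREE_DIRTY && pick < 0) pick = i;
    }
    if (pick < 0) return NULL;              /* pool exhausted */
    if (state[pick] == FREE_DIRTY) {        /* scrubber has not reached it yet */
        memset(pool[pick], 0, BLKSZ);
        demand_zeroes++;
    }
    state[pick] = IN_USE;
    return pool[pick];
}

/* Release is cheap: nothing is zeroed here, the block is only marked dirty. */
void blk_free(void *p) {
    size_t i = (size_t)((unsigned char *)p - &pool[0][0]) / BLKSZ;
    if (i < NBLOCKS && state[i] == IN_USE) state[i] = FREE_DIRTY;
}

/* Idle-time work: scrub at most `budget` dirty blocks, return how many. */
unsigned idle_scrub(unsigned budget) {
    unsigned done = 0;
    for (int i = 0; i < NBLOCKS && done < budget; i++)
        if (state[i] == FREE_DIRTY) {
            memset(pool[i], 0, BLKSZ);
            state[i] = FREE_CLEAN;
            done++; idle_zeroes++;
        }
    return done;
}

int main(void) {
    unsigned char *a = blk_alloc();
    memset(a, 'S', BLKSZ); blk_free(a);     /* constructed "secret" left behind */
    idle_scrub(1);
    printf("idle=%u demand=%u\n", idle_zeroes, demand_zeroes);
    return 0;
}
```

Either path satisfies the quoted requirement, since no block reaches a new owner in the `FREE_DIRTY` state; the counters show how much zeroing was moved out of the allocation path.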