Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 13 Oct 1997 21:01:41 -0500 (CDT)
From:      Jim Bryant <jbryant@unix.tfs.net>
To:        tlambert@primenet.com (Terry Lambert)
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: C2 Trusted FreeBSD?
Message-ID:  <199710140201.VAA02245@argus.tfs.net>
In-Reply-To: <199710140042.RAA16597@usr07.primenet.com> from Terry Lambert at "Oct 14, 97 00:42:39 am"

next in thread | previous in thread | raw e-mail | index | archive | help
In reply:
> > > Basically, we need to purge all memor when it is allocated, or 
> > > deallocated.
> >
> > yah, when we release something back into a system, we have to bzero() the
> > contents, or something similar.
> 
> This is interesting.  Can you give a small sample program for accessing
> data from another program?  As far as I know, pages are either filled
> from a swap store (and contain data accessable to you) or zero-filled;
> I can't think of a way (off the top of my head) to make this not true.

he is right..  i think that this is required for even c2...  simply
change all new page allocations to zero each core cell prior to
returning the page to the caller.  in other words all calls to malloc
must be using the calloc system call [syscall table].

i also believe that all swap pages and core would have to be zeroed
UPON FREE also.  the swap pages would have to be WRITTEN SYNCHRONOUSLY
to zero them verifiably.  performance drop, i know...

also, would a FIPS three-pass scrub be needed for this?  if so, vm perfs
will go to crap.

i think just a single-pass swap-page scrub will suffice though...

jim
-- 
All opinions expressed are mine, if you    |  "I will not be pushed, stamped,
think otherwise, then go jump into turbid  |  briefed, debriefed, indexed, or
radioactive waters and yell WAHOO !!!      |  numbered!" - #1, "The Prisoner"
------------------------------------------------------------------------------
Inet: jbryant@tfs.net    AX.25: kc5vdj@wv0t.#neks.ks.usa.noam     grid: EM28pw
voice: KC5VDJ - 6 & 2 Meters AM/FM/SSB, 70cm FM.   http://www.tfs.net/~jbryant
------------------------------------------------------------------------------
HF/6M/2M: IC-706-MkII, 2M: HTX-212, 2M: HTX-202, 70cm: HTX-404, Packet: KPC-3+



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710140201.VAA02245>