Date: Mon, 13 Oct 1997 21:01:41 -0500 (CDT) From: Jim Bryant <jbryant@unix.tfs.net> To: tlambert@primenet.com (Terry Lambert) Cc: freebsd-hackers@freebsd.org Subject: Re: C2 Trusted FreeBSD? Message-ID: <199710140201.VAA02245@argus.tfs.net> In-Reply-To: <199710140042.RAA16597@usr07.primenet.com> from Terry Lambert at "Oct 14, 97 00:42:39 am"
next in thread | previous in thread | raw e-mail | index | archive | help
In reply: > > > Basically, we need to purge all memor when it is allocated, or > > > deallocated. > > > > yah, when we release something back into a system, we have to bzero() the > > contents, or something similar. > > This is interesting. Can you give a small sample program for accessing > data from another program? As far as I know, pages are either filled > from a swap store (and contain data accessable to you) or zero-filled; > I can't think of a way (off the top of my head) to make this not true. he is right.. i think that this is required for even c2... simply change all new page allocations to zero each core cell prior to returning the page to the caller. in other words all calls to malloc must be using the calloc system call [syscall table]. i also believe that all swap pages and core would have to be zeroed UPON FREE also. the swap pages would have to be WRITTEN SYNCHRONOUSLY to zero them verifiably. performance drop, i know... also, would a FIPS three-pass scrub be needed for this? if so, vm perfs will go to crap. i think just a single-pass swap-page scrub will suffice though... jim -- All opinions expressed are mine, if you | "I will not be pushed, stamped, think otherwise, then go jump into turbid | briefed, debriefed, indexed, or radioactive waters and yell WAHOO !!! | numbered!" - #1, "The Prisoner" ------------------------------------------------------------------------------ Inet: jbryant@tfs.net AX.25: kc5vdj@wv0t.#neks.ks.usa.noam grid: EM28pw voice: KC5VDJ - 6 & 2 Meters AM/FM/SSB, 70cm FM. http://www.tfs.net/~jbryant ------------------------------------------------------------------------------ HF/6M/2M: IC-706-MkII, 2M: HTX-212, 2M: HTX-202, 70cm: HTX-404, Packet: KPC-3+
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710140201.VAA02245>