From owner-freebsd-hackers Mon Oct 13 19:02:08 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id TAA12050
          for hackers-outgoing; Mon, 13 Oct 1997 19:02:08 -0700 (PDT)
          (envelope-from owner-freebsd-hackers)
Received: from unix.tfs.net (root@unix.tfs.net [199.79.146.60])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA12036
          for ; Mon, 13 Oct 1997 19:01:57 -0700 (PDT)
          (envelope-from jbryant@argus.tfs.net)
Received: from argus.tfs.net (as1-p1.tfs.net [139.146.205.1])
          by unix.tfs.net (8.8.5/8.8.5) with ESMTP id VAA14141;
          Mon, 13 Oct 1997 21:01:32 -0500
Received: (from jbryant@localhost)
          by argus.tfs.net (8.8.7/8.8.5) id VAA02245;
          Mon, 13 Oct 1997 21:01:42 -0500 (CDT)
From: Jim Bryant
Message-Id: <199710140201.VAA02245@argus.tfs.net>
Subject: Re: C2 Trusted FreeBSD?
In-Reply-To: <199710140042.RAA16597@usr07.primenet.com> from Terry Lambert at "Oct 14, 97 00:42:39 am"
To: tlambert@primenet.com (Terry Lambert)
Date: Mon, 13 Oct 1997 21:01:41 -0500 (CDT)
Cc: freebsd-hackers@freebsd.org
Reply-to: jbryant@tfs.net
X-Windows: R00LZ!@# MS-Winbl0wz DR00LZ!@#
X-Operating-System: FreeBSD 2.2.2-RELEASE #0: Wed Jul 9 01:01:24 CDT 1997
X-Mailer: ELM [version 2.4ME+ PL31H (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In reply:
> > > Basically, we need to purge all memory when it is allocated, or
> > > deallocated.
> >
> > yah, when we release something back into a system, we have to bzero() the
> > contents, or something similar.
>
> This is interesting.  Can you give a small sample program for accessing
> data from another program?  As far as I know, pages are either filled
> from a swap store (and contain data accessible to you) or zero-filled;
> I can't think of a way (off the top of my head) to make this not true.

he is right..  i think that this is required for even c2...

simply change all new page allocations to zero each core cell prior to
returning the page to the caller.  in other words all calls to malloc
must be using the calloc system call [syscall table].

i also believe that all swap pages and core would have to be zeroed
UPON FREE also.  the swap pages would have to be WRITTEN SYNCHRONOUSLY
to zero them verifiably.  performance drop, i know...

also, would a FIPS three-pass scrub be needed for this?  if so, vm
perfs will go to crap.  i think just a single-pass swap-page scrub
will suffice though...

jim
--
All opinions expressed are mine, if you    |  "I will not be pushed, stamped,
think otherwise, then go jump into turbid  |  briefed, debriefed, indexed, or
radioactive waters and yell WAHOO !!!      |  numbered!" - #1, "The Prisoner"
------------------------------------------------------------------------------
Inet: jbryant@tfs.net    AX.25: kc5vdj@wv0t.#neks.ks.usa.noam     grid: EM28pw
voice: KC5VDJ - 6 & 2 Meters AM/FM/SSB, 70cm FM.   http://www.tfs.net/~jbryant
------------------------------------------------------------------------------
HF/6M/2M: IC-706-MkII, 2M: HTX-212, 2M: HTX-202, 70cm: HTX-404, Packet: KPC-3+
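
The zero-on-allocate and zero-on-free policy discussed in this message, as an added userland sketch in C that is not code from the thread or from the FreeBSD kernel. It also checks what a process can observe about fresh anonymous pages handed out by the kernel. The names scrub_alloc, scrub_wipe, scrub_free and fresh_pages_are_zero are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* expose MAP_ANONYMOUS on glibc */
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/mman.h>

/* Size header kept in front of each block; the union keeps the payload aligned. */
typedef union { size_t size; long double align; } scrub_hdr;

/* Zero on allocation: the caller never sees a previous owner's bytes. */
void *scrub_alloc(size_t n) {
    if (n > SIZE_MAX - sizeof(scrub_hdr)) return NULL;   /* overflow guard */
    scrub_hdr *h = calloc(1, sizeof *h + n);
    if (h == NULL) return NULL;
    h->size = n;
    return h + 1;
}

/* Wipe the payload through a volatile pointer so the compiler cannot discard
 * the stores as dead writes ahead of free(). Returns the bytes wiped. */
size_t scrub_wipe(void *p) {
    size_t n = ((scrub_hdr *)p - 1)->size;
    volatile unsigned char *v = p;
    for (size_t i = 0; i < n; i++) v[i] = 0;
    return n;
}

/* Zero on free: contents are cleared before the block returns to the heap. */
void scrub_free(void *p) {
    if (p == NULL) return;
    scrub_wipe(p);
    free((scrub_hdr *)p - 1);
}

/* Returns 1 if a fresh anonymous mapping arrives zero-filled from the kernel,
 * 0 if any byte is non-zero, -1 if mmap fails. */
int fresh_pages_are_zero(size_t len) {
    unsigned char *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    int ok = 1;
    for (size_t i = 0; i < len; i++) if (m[i] != 0) { ok = 0; break; }
    munmap(m, len);
    return ok;
}
```

This covers only memory the process itself can reach; scrubbing swap blocks, as the message raises, has to happen in the kernel's pager and is not modelled here.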