From owner-freebsd-security Mon Oct 13 20:06:42 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id UAA15783 for security-outgoing; Mon, 13 Oct 1997 20:06:42 -0700 (PDT) (envelope-from owner-freebsd-security)
Received: from fly.HiWAAY.net (root@fly.HiWAAY.net [208.147.154.56]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id UAA15772 for ; Mon, 13 Oct 1997 20:06:30 -0700 (PDT) (envelope-from dkelly@nospam.hiwaay.net)
Received: from nospam.hiwaay.net (tnt2-206.HiWAAY.net [208.147.148.206]) by fly.HiWAAY.net (8.8.7/8.8.6) with ESMTP id WAA24116 for ; Mon, 13 Oct 1997 22:06:26 -0500 (CDT)
Received: from nospam.hiwaay.net (localhost [127.0.0.1]) by nospam.hiwaay.net (8.8.7/8.8.4) with ESMTP id WAA12259 for ; Mon, 13 Oct 1997 22:06:24 -0500 (CDT)
Message-Id: <199710140306.WAA12259@nospam.hiwaay.net>
X-Mailer: exmh version 2.0zeta 7/24/97
To: freebsd-security@FreeBSD.ORG
From: dkelly@hiwaay.net
Subject: Re: Zeroing pages, was Re: C2
In-reply-to: Message from Warren Toomey of "Tue, 14 Oct 1997 11:29:45 +1000." <199710140129.LAA09227@henry.cs.adfa.oz.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 13 Oct 1997 22:06:22 -0500
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Warren Toomey writes:
> In article by Terry Lambert:
> > > > Basically, we need to purge all memory when it is allocated, or
> > > > deallocated.
> > This is interesting. Can you give a small sample program for accessing
> > data from another program? As far as I know, pages are either filled
> > from a swap store (and contain data accessible to you) or zero-filled;
> > I can't think of a way (off the top of my head) to make this not true.
> > Terry Lambert
>
> There's no way of accessing the unused contents of mbufs from user space?
> Any other kernel buffers? I doubt it, but that's the only other way I can
> think of.

My security officers call this "slack space" and are at least as concerned about it as they are about the other forms of object reuse this thread has touched upon.

Have been searching for the useful SGI documents I've had to quote for work, http://www.sgi.com/Support/security/c2_in_5.3_6.1.ps is one where basically C2 is a standard Irix feature. Mention is made of Trusted Irix, a separate product of which components were lifted (audit trails) to provide C2 for Irix.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
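
An added example, not part of the original message or thread: a C check for the two object-reuse cases discussed above, whether freshly mapped anonymous pages arrive zero-filled, and whether a reused fixed-size buffer keeps old bytes past a shorter payload (the "slack space" case). The record size, sample strings and function names are constructed for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes MAP_ANON on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define REC_SIZE 64              /* constructed record size, stands in for a buffer or disk block */

/* Map anonymous pages, dirty them, unmap, map again, and count non-zero
 * bytes in the new mapping. 0 means the kernel handed back zero-filled
 * pages; -1 means mmap failed. */
static long stale_bytes_in_fresh_pages(size_t npages)
{
    size_t len = npages * (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED) return -1;
    memset(p, 0xA5, len);        /* leave a recognisable pattern behind */
    munmap(p, len);
    p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED) return -1;
    long stale = 0;
    for (size_t i = 0; i < len; i++) stale += (p[i] != 0);
    munmap(p, len);
    return stale;
}

/* Reuse one record buffer for a shorter payload and count the bytes past
 * the payload that still hold the previous contents (the slack).
 * With clear_first set, the record is zeroed before reuse. */
static int slack_bytes(int clear_first)
{
    unsigned char rec[REC_SIZE];
    const char *old_rec = "constructed-old-record: account=1234 token=abcdef";
    const char *fresh = "short";
    memset(rec, 0, sizeof rec);
    memcpy(rec, old_rec, strlen(old_rec));          /* previous owner's data */
    if (clear_first) memset(rec, 0, sizeof rec);    /* purge on reallocation */
    memcpy(rec, fresh, strlen(fresh));              /* new, shorter payload */
    int slack = 0;
    for (size_t i = strlen(fresh); i < sizeof rec; i++) slack += (rec[i] != 0);
    return slack;
}

int main(void)
{
    printf("stale bytes in fresh pages: %ld\n", stale_bytes_in_fresh_pages(16));
    printf("slack bytes, no clear: %d, cleared: %d\n", slack_bytes(0), slack_bytes(1));
    return 0;
}
```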