From owner-freebsd-security Tue Oct 14 08:56:14 1997
Date: Tue, 14 Oct 1997 10:01:37 -0600 (MDT)
Message-Id: <199710141601.KAA10425@obie.softweyr.ml.org>
From: Wes Peters
To: Terry Lambert
CC: security@freebsd.org
Subject: Re: C2 Trusted FreeBSD?
In-Reply-To: <199710140042.RAA16597@usr07.primenet.com>
References: <199710140042.RAA16597@usr07.primenet.com>
Sender: owner-freebsd-security@freebsd.org

Terry Lambert writes:
> > > Basically, we need to purge all memory when it is allocated, or
> > > deallocated.
> >
> > yah, when we release something back into a system, we have to bzero() the
> > contents, or something similar.
>
> This is interesting.  Can you give a small sample program for accessing
> data from another program?  As far as I know, pages are either filled
> from a swap store (and contain data accessible to you) or zero-filled;
> I can't think of a way (off the top of my head) to make this not true.

There are no incidences in which pages are returned to you with previous
random cruft left in them?

And besides, zero-filling memory isn't sufficient, it has to be overwritten
a number of times to make sure no residual information can be obtained.
These standards date back to core and even mercury-wire memory.  Yes, I've
actually worked with computers that feature *both* in my career.  ;^)

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                    Softweyr LLC
http://www.xmission.com/~softweyr             softweyr@xmission.com
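Added example, not part of the original message: a small C check of the two behaviours discussed in this thread, namely overwriting a buffer before it is released and whether a freshly mapped anonymous page comes back zero-filled. The function names (scrub, residue, fresh_mapping_residue) and the pass patterns are hypothetical, a POSIX system with MAP_ANONYMOUS is assumed, and the code only inspects what software can read back, not physical remanence.

```c
#define _DEFAULT_SOURCE               /* exposes MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
/* Overwrite buf `passes` times through a volatile pointer so the compiler
 * cannot drop the stores as dead. Patterns are illustrative; last pass is 0. */
static void scrub(void *buf, size_t len, int passes)
{
    static const unsigned char pattern[] = { 0xFF, 0xAA, 0x55 };
    volatile unsigned char *p = buf;
    if (passes < 1) passes = 1;
    for (int i = 0; i < passes; i++)
        for (size_t j = 0; j < len; j++)
            p[j] = (i == passes - 1) ? 0 : pattern[i % sizeof pattern];
}

/* Number of non-zero bytes still readable in buf. */
static size_t residue(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    size_t n = 0;
    for (size_t j = 0; j < len; j++) n += (p[j] != 0);
    return n;
}

/* Dirty an anonymous mapping, hand it back to the kernel, map again, and
 * count non-zero bytes in the new mapping. (size_t)-1 means mmap failed. */
static size_t fresh_mapping_residue(size_t len)
{
    int prot = PROT_READ | PROT_WRITE, flags = MAP_PRIVATE | MAP_ANONYMOUS;
    unsigned char *a = mmap(NULL, len, prot, flags, -1, 0);
    if (a == MAP_FAILED) return (size_t)-1;
    memset(a, 'S', len);              /* constructed stand-in for a secret */
    munmap(a, len);
    unsigned char *b = mmap(NULL, len, prot, flags, -1, 0);
    if (b == MAP_FAILED) return (size_t)-1;
    size_t n = residue(b, len);
    munmap(b, len);
    return n;
}

int main(void)
{
    unsigned char key[64];
    memset(key, 'K', sizeof key);     /* constructed key material */
    scrub(key, sizeof key, 3);
    printf("after scrub: %zu, fresh mapping: %zu\n",
           residue(key, sizeof key), fresh_mapping_residue(1 << 16));
}
```

Both counts should be 0; a non-zero count from fresh_mapping_residue would mean the kernel handed back a page with old contents.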