[bitc-dev] nondeterminism and access control
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Sun Mar 15 18:25:52 EDT 2009
Eric Rannaud wrote:
> On Sun, Mar 15, 2009 at 05:35:27PM -0400, Geoffrey Irving wrote:
>> A thought that occurred to me after the discussion of array
>> initialization: allowing user access to uninitialized memory opens a
>> security hole. It would become possible to read passwords or other
>> sensitive data out of the "uninitialized" memory, which would rule out
>> the use of BitC for intraprocess access control setups. I think this
>> is more than enough to kill the idea of an uninitialized allocation
>> primitive.
>
> That's the job of the operating system. [...]
No, Geoffrey is talking about sensitive data left by the same process
(note "intraprocess"). A secure language implementation can rely on new
pages obtained from the operating system being zeroed, but it still has
to zero memory recovered by garbage collection (or explicit deallocation
if supported) before it is reused.
--
David-Sarah Hopwood ⚥
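The reuse path David-Sarah describes, as an added example that is not code from this thread or from BitC: a toy pool allocator whose "uninitialized" allocation hands back a recycled block unchanged, so the previous occupant's data survives unless the runtime scrubs the block when it is recovered. The pool, `secure_zero` and the sample secret are constructed for illustration.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>

enum { BLOCK_SIZE = 32, NBLOCKS = 4 };
static unsigned char pool[NBLOCKS][BLOCK_SIZE];
static int free_stack[NBLOCKS];
static int free_top;

/* Zeroing through volatile writes so the compiler cannot drop the store;
   a portable stand-in for explicit_bzero()/memset_s(). */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

static void pool_reset(void) {
    for (int i = 0; i < NBLOCKS; i++) free_stack[i] = NBLOCKS - 1 - i;
    free_top = NBLOCKS;
    memset(pool, 0, sizeof pool);   /* fresh pages from the OS arrive zeroed */
}

/* "Uninitialized" allocation primitive: returns the block exactly as left. */
static void *pool_alloc(void) {
    return free_top > 0 ? pool[free_stack[--free_top]] : NULL;
}

/* Block recovered by GC / explicit free; scrubbed only if asked to. */
static void pool_release(void *p, int zero_on_release) {
    if (zero_on_release) secure_zero(p, BLOCK_SIZE);
    free_stack[free_top++] =
        (int)(((unsigned char *)p - &pool[0][0]) / BLOCK_SIZE);
}

static const char SECRET[] = "hunter2 (constructed sample)";

/* Returns 1 if a later allocation can still read the released secret. */
int fresh_allocation_leaks(int zero_on_release) {
    pool_reset();
    char *a = pool_alloc();
    memcpy(a, SECRET, sizeof SECRET);     /* password handled in-process */
    pool_release(a, zero_on_release);     /* memory recovered for reuse  */
    char *b = pool_alloc();               /* next allocation gets it back */
    return memcmp(b, SECRET, sizeof SECRET) == 0;
}

int main(void) {
    printf("no scrub on release: leak=%d\n", fresh_allocation_leaks(0));
    printf("scrub on release:    leak=%d\n", fresh_allocation_leaks(1));
    return 0;
}
```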