[bitc-dev] nondeterminism and access control
Geoffrey Irving
irving at naml.us
Sun Mar 15 19:29:16 EDT 2009
On Sun, Mar 15, 2009 at 7:22 PM, Philipp Klaus Krause <pkk at spth.de> wrote:
> Geoffrey Irving schrieb:
>> A thought that occurred to me after the discussion of array
>> initialization: allowing user access to uninitialized memory opens a
>> security hole. It would become possible to read passwords or other
>> sensitive data out of the "uninitialized" memory, which would rule out
>> the use of BitC for intraprocess access control setups. I think this
>> is more than enough to kill the idea of an uninitialized allocation
>> primitive.
>>
>> Geoffrey
>
> Since you want the zeroing done for security reasons: Wouldn't it make
> much more sense to zero upon deallocation?
That isn't feasible in a garbage collected language with no
finalizers. Memory in a fully garbage collected language isn't so
much deallocated as forgotten: once all pointers to a block disappear
it's impossible to know where the memory is in order to zero it.
Geoffrey
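The two options the thread contrasts, zeroing at allocation versus zeroing at deallocation, are easy to see in a language where both points are explicit. The following C program is an added illustration, not code from the thread or from the BitC project: `secure_zero` wipes a buffer through a `volatile` pointer so the compiler cannot discard the stores as dead just because the buffer is about to be freed (the usual failure mode of a plain `memset` before `free`), `secure_free` applies it as a zero-on-deallocation step, and `zeroed_alloc` is the zero-on-allocation alternative. The "secret" string is a constructed sample value. In a garbage collected language with no finalizers there is no hook corresponding to `secure_free`, which is why the discussion above lands on zeroing at allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Zero n bytes through a volatile pointer so the stores survive optimisation
 * even when the buffer is freed immediately afterwards. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Zero-on-deallocation: wipe the contents, then release the block. Only
 * possible because the deallocation point is explicit in C. */
static void secure_free(void *p, size_t n)
{
    if (p == NULL)
        return;
    secure_zero(p, n);
    free(p);
}

/* Zero-on-allocation: never hand out a block with stale contents.
 * calloc guarantees the returned memory is zero-filled. */
static void *zeroed_alloc(size_t n)
{
    return calloc(1, n);
}

/* Count non-zero bytes; used to check that a wipe or a zeroed allocation
 * really left nothing behind. */
static size_t nonzero_bytes(const unsigned char *p, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (p[i] != 0);
    return count;
}

/* Fill a heap buffer with a constructed secret, wipe it the way secure_free
 * would before releasing it, and return how many non-zero bytes remain
 * (expected: 0). The buffer is freed without the wipe afterwards only because
 * it has already been zeroed. */
static size_t demo_wipe_leaves_nothing(void)
{
    const char secret[] = "hunter2-constructed-sample-secret";  /* constructed */
    size_t n = sizeof secret;
    unsigned char *buf = malloc(n);
    if (buf == NULL)
        return (size_t)-1;
    memcpy(buf, secret, n);
    secure_zero(buf, n);
    size_t left = nonzero_bytes(buf, n);
    free(buf);
    return left;
}

/* Allocate n bytes with the zero-on-allocation path and return the number of
 * non-zero bytes handed to the caller (expected: 0). */
static size_t demo_zeroed_alloc_is_clean(size_t n)
{
    unsigned char *buf = zeroed_alloc(n);
    if (buf == NULL)
        return (size_t)-1;
    size_t left = nonzero_bytes(buf, n);
    secure_free(buf, n);
    return left;
}

int main(void)
{
    printf("bytes left after wipe: %zu\n", demo_wipe_leaves_nothing());
    printf("non-zero bytes in zeroed allocation: %zu\n",
           demo_zeroed_alloc_is_clean(4096));
    return 0;
}
```

Reading a freshly `malloc`ed block to show stale data is deliberately not part of the example: its contents are unspecified, so any such demonstration is unreliable, and the defensive point is the same either way: a block must be zeroed by the allocator or by the deallocator, and a language that cannot observe deallocation only has the first choice.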