Date:      Mon, 13 Oct 1997 22:06:22 -0500
From:      dkelly@hiwaay.net
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: Zeroing pages, was Re: C2 
Message-ID:  <199710140306.WAA12259@nospam.hiwaay.net>
In-Reply-To: Message from Warren Toomey <wkt@henry.cs.adfa.oz.au>  of "Tue, 14 Oct 1997 11:29:45 +1000." <199710140129.LAA09227@henry.cs.adfa.oz.au> 

Warren Toomey writes:
> In article by Terry Lambert:
> > > > Basically, we need to purge all memory when it is allocated, or 
> > > > deallocated.
> > This is interesting.  Can you give a small sample program for accessing
> > data from another program?  As far as I know, pages are either filled
> > from a swap store (and contain data accessible to you) or zero-filled;
> > I can't think of a way (off the top of my head) to make this not true.
> > 					Terry Lambert
> 
> There's no way of accessing the unused contents of mbufs from user space?
> Any other kernel buffers? I doubt it, but that's the only other way I can
> think of.

My security officers call this "slack space" and are at least as concerned
about it as they are about the other forms of object reuse this thread has
touched upon.

Have been searching for the useful SGI documents I've had to quote for
work, http://www.sgi.com/Support/security/c2_in_5.3_6.1.ps is one where
basically C2 is a standard Irix feature. Mention is made of Trusted Irix,
a separate product of which components were lifted (audit trails) to
provide C2 for Irix.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
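
Added example, not part of the original message or of FreeBSD: a small C check of the zero-fill behaviour Terry Lambert describes in the quoted text, which dirties anonymous pages, returns them to the kernel, maps the same amount again and counts any nonzero bytes. It assumes a POSIX system with anonymous mmap; `map_anon` and `residue_after_remap` are hypothetical names.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Map len bytes of anonymous memory; NULL on failure. */
static unsigned char *map_anon(size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/*
 * Hypothetical helper: fill `pages` pages with a marker, unmap them,
 * then map the same amount again. Returns the number of nonzero bytes
 * in the new mapping (0 means every page arrived zero-filled), or -1
 * if a mapping call failed.
 */
long residue_after_remap(size_t pages)
{
    size_t len = pages * (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *old = map_anon(len);
    if (old == NULL)
        return -1;
    memset(old, 0xA5, len);      /* constructed stand-in for sensitive data */
    if (munmap(old, len) != 0)
        return -1;

    unsigned char *fresh = map_anon(len);
    if (fresh == NULL)
        return -1;
    long residue = 0;
    for (size_t i = 0; i < len; i++)
        residue += (fresh[i] != 0);
    munmap(fresh, len);
    return residue;
}

int main(void)
{
    long r = residue_after_remap(64);
    printf("nonzero bytes in re-mapped pages: %ld\n", r);
    return r == 0 ? 0 : 1;
}
```

This only exercises pages handed to user space; it does not test kernel buffers such as the mbufs raised in the quoted question.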




