Re: make-string uninitialized memory exposure considered harmful
From: Marius Vollmer
Subject: Re: make-string uninitialized memory exposure considered harmful
Date: 12 Jan 2003 18:45:13 +0100
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2
Egil Moeller <address@hidden> writes:
> But, you hit an interesting problem - one might think of a situation when
> one would like to be able to create a string (or other object?) that, when
> garbage-collected, was guaranteed to be overwritten with 0's. Is this
> doable?
Mikael has shown how to do it, but I would say that in general, there
is no security in Guile (in the sense that there is in Java, say).
Guile is supposed to be a 'safe' language and if things like buffer
overflows are detected, they will get fixed, but I don't think we want
to make any official guarantees about the security model of (ice-9
safe), say. We don't want to do this since the problem is hard and
needs to be done completely before we can claim security as a feature.
It's no use saying "modules have a sophisticated ownership and
permission protocol" when you can easily subvert it.
--
GPG: D5D4E405 - 2F9B BCCC 8527 692A 04E3 331E FAF8 226A D5D4 E405