Re: make-string uninitialized memory exposure considered harmful

From: Marius Vollmer
Subject: Re: make-string uninitialized memory exposure considered harmful
Date: 12 Jan 2003 18:45:13 +0100
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Egil Moeller <address@hidden> writes:

> But, you hit an interesting problem - one might think of a situation when
> one would like to be able to create a string (or other object?) that, when
> garbage-collected, was guaranteed to be overwritten with 0's. Is this
> doable?

Mikael has shown how to do it, but I would say that in general, there
is no security in Guile (in the sense that there is in Java, say).
Guile is supposed to be a 'safe' language and if things like buffer
overflows are detected, they will get fixed, but I don't think we want
to make any official guarantees about the security model of (ice-9
safe), say.  We don't want to do this since the problem is hard and
needs to be done completely until we can claim security as a feature.
It's no use saying "modules have a sophisticated ownership and
permission protocol" when you can easily subvert it.

GPG: D5D4E405 - 2F9B BCCC 8527 692A 04E3  331E FAF8 226A D5D4 E405
