Re: DRAM data persistence
- From: MooseFET <kensmith@xxxxxxxxx>
- Date: Thu, 05 Jul 2007 06:18:38 -0700
On Jul 5, 4:37 am, krw <k...@xxxxxxxxxx> wrote:
In article <slrnf8pfm2.5eds.dha...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
dha...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx says...
Nico Coesel wrote:
Any modern OS clears the memory before freeing it for use
by other tasks.
This is not correct.
This is very correct otherwise there would be a huge security hole.
Name ONE operating system that does this. Besides, if I were to write a
program for which leftover RAM (or swap) content was a security hole, I'd
clear that memory myself before releasing it, rather than relying on your
imaginary OS feature.
MVS, and I believe any other OS that is B2 rated.
Yes, I think you are right. IBM's MVT didn't and this was the source
of many security problems. This was because they assumed that
anything in memory that had a key of zero was theirs but didn't
enforce it. You could make a look alike for an OS data structure and
free it then quickly use it. This way you could fool the OS into
jumping to your code. I can imagine IBM nailing that door shut and
bricking it up.
.
- References:
- DRAM data persistence
- From: Richard Henry
- Re: DRAM data persistence
- From: MooseFET
- Re: DRAM data persistence
- From: Nico Coesel
- Re: DRAM data persistence
- From: Jan Panteltje
- Re: DRAM data persistence
- From: Nico Coesel
- Re: DRAM data persistence
- From: Haude Daniel
- Re: DRAM data persistence
- From: krw
- DRAM data persistence
- Prev by Date: Re: OT: A bit of a long shot, but
- Next by Date: Re: Heartburn of the Day
- Previous by thread: Re: DRAM data persistence
- Next by thread: Re: DRAM data persistence
- Index(es):
Relevant Pages
|
