From: Egil Moeller
Newsgroups: gmane.lisp.guile.user
Subject: Re: make-string uninitialized memory eposure considered harmful
Date: Fri, 10 Jan 2003 16:51:33 +0100 (CET)
Reply-To: redhog@redhog.org
Original-To: Greg Troxel
Cc: guile-user@gnu.org
In-Reply-To: <20030110195402.362793C2B@fnord.ir.bbn.com>

> At this point, I get what is going on. This is confusing, and exposes
> the contents of random memory locations, perhaps exposing a password
> that someone thought had been garbage collected. So, I'd argue that
> the default behavior should be to fill with nulls, or something, even
> though the spec should remain unspecified. If we are afraid people
> will depend on that, it can fill with something chosen arbitrarily,
> but it shouldn't expose the existing contents of free memory.
>
> Anyone want to call me paranoid?

Yes, you are. But not entirely... I don't think that make-string is
broken in any way - random data that comes from old values in the
program are as good as any other values for the purpose of undefined
characters...

But, you hit an interesting problem - one might think of a situation
when one would like to be able to create a string (or other object?)
that, when garbage-collected, was guaranteed to be overwritten with
0's. Is this doable? It would require one more type-bit in all
datatypes that would support this behaviour. Also, such a bit would
need to be copied whenever the object was copied or parts of it
extracted or merged with other objects.

I'm quite interested in this, as I have written a wrapper around GnuPG
(using the C-wrapper GpgME) for Guile (if you are interested in it, it
is currently a bit too integrated with the rest of a bigger project,
but it is already fully functional (you can sign, encrypt, verify and
decrypt messages in memory), but in the end, I hope to release it as a
separate project)...

/Egil

-- 
http://redhog.org
GPG Public key: http://redhog.org/PGP%20Public%20key.asc
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
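Added example, not part of the original message and not Guile code: a toy two-slot heap in C that compares the options raised in this thread, namely storage reused unfilled, storage filled at allocation, and a per-object wipe-on-collect bit, including the case where a copy does not inherit the bit. The heap, the function names and the secret string are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
/* Toy heap (assumed, not Guile's allocator): freed slots are reused as-is. */
enum { NSLOT = 2, SLOT_SIZE = 32 };
static struct { char data[SLOT_SIZE]; int used, sensitive; } heap[NSLOT];
/* fill < 0 leaves the old bytes in place, as an unfilled make-string would. */
static int toy_make_string(int fill, int sensitive) {
    for (int i = 0; i < NSLOT; i++) {
        if (heap[i].used) continue;
        if (fill >= 0) memset(heap[i].data, fill, SLOT_SIZE);
        heap[i].used = 1;
        heap[i].sensitive = sensitive;
        return i;
    }
    return -1;
}

/* Copying: the wipe bit has to travel with the data. */
static int toy_copy(int src, int propagate) {
    int dst = toy_make_string(0, propagate && heap[src].sensitive);
    if (dst >= 0) memcpy(heap[dst].data, heap[src].data, SLOT_SIZE);
    return dst;
}

/* "Collect" a slot, zeroing it only if flagged (volatile: no dead-store removal). */
static void toy_collect(int i) {
    volatile char *p = heap[i].data;
    for (int k = 0; heap[i].sensitive && k < SLOT_SIZE; k++) p[k] = 0;
    heap[i].used = heap[i].sensitive = 0;
}

/* Store a constructed secret, copy it, collect both, count fresh slots showing it. */
int leaked_slots(int sensitive, int propagate, int fill) {
    static const char secret[] = "constructed-passphrase";
    memset(heap, 0, sizeof heap);
    int a = toy_make_string(0, sensitive);
    memcpy(heap[a].data, secret, sizeof secret);
    toy_collect(toy_copy(a, propagate));
    toy_collect(a);
    int leaks = 0;
    for (int n = 0; n < NSLOT; n++)
        leaks += !memcmp(heap[toy_make_string(fill, 0)].data, secret, sizeof secret);
    return leaks;
}

int main(void) {
    printf("no flag=%d, flag lost on copy=%d, flag kept=%d, fill on alloc=%d\n",
           leaked_slots(0, 0, -1), leaked_slots(1, 0, -1),
           leaked_slots(1, 1, -1), leaked_slots(0, 0, 0));
    return 0;
}
```

Filling at allocation hides old contents from the next caller but leaves them in free memory until reuse; the wipe bit clears them at collection time, provided every copy carries it.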