Eric Rannaud wrote:
> On Sun, Mar 15, 2009 at 05:35:27PM -0400, Geoffrey Irving wrote:
>> A thought that occurred to me after the discussion of array
>> initialization: allowing user access to uninitialized memory opens a
>> security hole. It would become possible to read passwords or other
>> sensitive data out of the "uninitialized" memory, which would rule out
>> the use of BitC for intraprocess access control setups. I think this
>> is more than enough to kill the idea of an uninitialized allocation
>> primitive.
>
> That's the job of the operating system. [...]

No, Geoffrey is talking about sensitive data left by the same process (note "intraprocess"). A secure language implementation can rely on new pages obtained from the operating system being zeroed, but it still has to zero memory recovered by garbage collection (or explicit deallocation if supported) before it is reused.

--
David-Sarah Hopwood ⚥

_______________________________________________
bitc-dev mailing list
http://www.coyotos.org/mailman/listinfo/bitc-dev
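The intraprocess reuse problem from the reply above, as an added illustration that is not part of the thread or of BitC: a constructed one-slot pool stands in for memory the runtime recovers and hands out again, and `secret_leaks_on_reuse` shows that a later uninitialized allocation sees the earlier user's data unless the runtime scrubs the slot on release. The pool, the `alloc_uninit`/`release` names and the sample secret are all assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed single-slot pool: simulates memory inside one process that
 * the runtime reclaims (by GC or explicit free) and later reuses. */
#define SLOT_SIZE 64
static unsigned char pool[SLOT_SIZE];
static int slot_free = 1;

/* Hand out the slot without initializing it: the "uninitialized
 * allocation primitive" discussed in the thread. */
static void *alloc_uninit(void) {
    if (!slot_free) return NULL;
    slot_free = 0;
    return pool;
}

/* Release the slot. With scrub != 0 the runtime zeroes the memory before
 * it can be reused. (A real runtime would use explicit_bzero or a
 * volatile store so the compiler cannot drop the clearing write.) */
static void release(void *p, int scrub) {
    if (p != pool) return;
    if (scrub) memset(pool, 0, SLOT_SIZE);
    slot_free = 1;
}

/* Returns 1 if a fresh uninitialized allocation still exposes the secret
 * written by the slot's previous user, 0 if scrubbing removed it. */
int secret_leaks_on_reuse(int scrub) {
    const char secret[] = "hunter2";           /* constructed sample data */
    char *first = alloc_uninit();
    memcpy(first, secret, sizeof secret);
    release(first, scrub);                     /* owner is done with it */
    char *second = alloc_uninit();             /* new owner, never writes */
    int leaked = memcmp(second, secret, sizeof secret) == 0;
    release(second, 1);                        /* leave the pool clean */
    return leaked;
}
```

Zeroing pages from the OS does nothing here: both allocations live in the same process, so only the runtime's own scrub on reclaim closes the leak.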
