ljknews wrote: > At 8:18 PM -0600 11/14/06, Wall, Kevin wrote: > >> That makes a Java >> inappropriate >> for a lot of system-level programming tasks. Simple example: There's no >> way >> in pure Java that I can lock a process in memory. Wrt this list, that >> has >> a lot of security ramifications especially on shared processors. Sure >> makes >> hiding secrets a lot harder.
It's an operating system feature where you can lock a chunk of the memory of a process such that it is not swapped out at any time. see the specs for mlock, madvise. win32, I believe has an even more feature ridden facility for secure memory. on the receipt of abnormal termination signals this memory can be cleared, thus keeping the secret safe, so you could produce a process crash dump that is sanitized for sending to a support group. -- Pete +353 (87) 412 9576 [M] I'm gliding over a NUCLEAR WASTE DUMP near ATLANTA, Georgia!! _______________________________________________ Secure Coding mailing list (SC-L) [email protected] List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
