waldo kitty wrote:
> On 4/11/2014 5:03 AM, Michael Van Canneyt wrote:
>> The main point is that in FPC you can install a memory manager that wipes out any memory when getting or releasing it, if you want to make your software more secure that way.
>
> how would one go about doing this? i learned in my TP3/6 days to use fillchar on everything to ensure that it was filled with 0x00... especially my data files... when looking at them with a hex editor, my OCD would hit strongly because the data file was "not clean and holding only my data"...

The ideal is to overwrite sensitive data with random bytes, since even the length of a zero block can be useful to an attacker.

> i don't know how one would go about cleaning released memory as someone else asked about (eg: extending an array or string or etc)... once the memory is released, it is no longer accessible, right?

But since the deallocated memory is going to a local heap, sooner or later you're likely to get that back as a new block. That, as I understand it, is what happened in OpenSSL.

The worst case would be if a cautious programmer zeroed everything that he was freeing explicitly, without realising that any strings he extended were going back into the heap intact so now stood out like a sore thumb. Anybody who was able to inspect the heap would see only strings that had subsequently been expanded:

    password := getFromUser();          // Probably about 7 chars
    password += #$00 + systemName();    // Leaves password on heap
    saveToDB(Tiger2(password));
    zeroString(password)                // Length doesn't change
  end;                                  // Zeroed block freed to heap

--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]
_______________________________________________
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
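
Added example, not part of the original message or of FPC's own sources: one way to install the wiping memory manager Michael mentions, wrapping the current manager through the RTL's GetMemoryManager/SetMemoryManager so that every block is zeroed on release, including the old copy left behind when a string grows. The Wipe* names and the sample strings are constructed for illustration, and the wipe is a zero fill rather than random bytes.

```pascal
program wipeheap;
{$mode objfpc}{$H+}
// Added example: zero every block before it goes back to the heap.
var
  OldMM, NewMM: TMemoryManager;

function WipeFreeMem(p: Pointer): PtrUInt;
begin
  if p <> nil then FillChar(p^, OldMM.MemSize(p), 0);  // whole usable block
  Result := OldMM.FreeMem(p);
end;

function WipeFreeMemSize(p: Pointer; Size: PtrUInt): PtrUInt;
begin
  Result := WipeFreeMem(p);       // same wipe, size is taken from the block
end;

// Resizing a string or array can land here. Never let the old manager
// move the block itself: allocate, copy, then release via the wiper.
function WipeReAllocMem(var p: Pointer; Size: PtrUInt): Pointer;
var q: Pointer; n: PtrUInt;
begin
  q := nil;
  if Size > 0 then q := OldMM.GetMem(Size);
  if (p <> nil) and (q <> nil) then
  begin
    n := OldMM.MemSize(p);
    if n > Size then n := Size;
    Move(p^, q^, n);
  end;
  if p <> nil then WipeFreeMem(p);
  p := q;
  Result := q;
end;

var password: AnsiString;         // constructed sample data below
begin
  GetMemoryManager(OldMM);
  NewMM := OldMM;                 // keep every handler we do not replace
  NewMM.FreeMem := @WipeFreeMem;
  NewMM.FreeMemSize := @WipeFreeMemSize;
  NewMM.ReAllocMem := @WipeReAllocMem;
  SetMemoryManager(NewMM);
  password := 'hunter2';
  UniqueString(password);         // force a heap copy of the literal
  password := password + #0 + 'hostname';  // short copy is wiped on release
  FillChar(password[1], Length(password), 0);
end.
```

Install the manager as early as possible in the program; blocks that other code released before the swap went back to the heap unwiped.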