Clearing sensitive in-memory data in perl
Ben Laurie
ben at algroup.co.uk
Sat Sep 17 06:53:20 EDT 2005
Victor Duchovni wrote:
> On Thu, Sep 15, 2005 at 08:51:02PM -0700, Bill Frantz wrote:
>
>
>>On 9/13/05, perry at piermont.com (Perry E. Metzger) wrote:
>>
>>
>>
>>>Generally speaking, I think software with a security impact should not
>>>be written in C.
>>
>>I agree. I also note that Paul A. Karger and Roger R. Schell, in their
>>paper, "Thirty Years Later: Lessons from the Multics Security
>>Evaluation" state:
>>
>
>
> While some of the fault is perhaps in the core language, my contention is
> that the real problem is the anemic standard C-library. When working on C
> projects that have (and uniformly use) their own mature string handling
> libraries (I was a contributor to Tcl in the 90's and am now working
> in Postfix) I found that buffer overflows (and with Tcl for reasons I
> won't go into here also memory leaks) were a non-issue in those systems.
>
> With either Tcl_DString or VSTRING (Postfix), one simply loses the
> habit of needing to keep track of buffer lengths. When combined with a
> compatible I/O interface (say VSTREAM), argument vector library (ARGV)
> hash table library, ... one no longer in practice manipulates bare
> null-terminated string buffers except when passing (usually read-only)
> content to system calls via the C-library.
>
> I continue to write code in C, free of buffer overflows and memory leaks,
> not because I am more manly than the next programmer, but because I am
> attracted to working on well-designed systems, whose designers took the
> time to develop a richer set of idioms in which to construct their work.
>
> My view is that C is fine, but it needs a real library and programmers
> who learn C need to learn to use the real library, with the bare-metal
> C-library used only by library developers to bootstrap new safe
> primitives.
So wouldn't the world be a better place if we could all agree on a
single such library? Or at least, a single API. Like the STL is for C++.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list