Life after free?

Dan Bernstein brnstnd at kramden.acf.nyu.edu
Fri Oct 5 12:58:04 AEST 1990


In article <1990Oct5.002416.3196 at nntp-server.caltech.edu> manning at nntp-server.caltech.edu (Evan Marshall Manning) writes:
> In article <623 at demott.COM> kdq at demott.COM (Kevin D. Quitt) writes:
> >     It should be noted that in secure systems, free() will clear the memory.
> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
> > That would be quite amusing, since there's absolutely no concept of
> > security within C. If you can free it, you can copy it out and save it
> > first.
> You're missing the point.  Of course you can do what you like with your
> data.  But when you free() it you return it to the OS.  And anybody else
> can end up with your data when they next malloc().

And any sane operating system will zero-fill pages that it gives to a
process, rather than adding slow code to free(). And no UNIX malloc()
I've seen even tries to return memory to the system---it'll probably
just have to allocate it again. And this is comp.lang.c, where the word
``security'' means something like ``modularity'' or what might now be
called ``data hiding'' or ``object-oriented programming''.

---Dan
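
Added example, not part of the original thread: a C sketch that checks the behaviour the reply describes (the kernel handing a process zero-filled pages) and shows an explicit wipe-before-free for data that stays in the process's own heap. It assumes a system with POSIX mmap and MAP_ANONYMOUS (for example Linux); kernel_zero_fills, wipe and wiping_free are hypothetical names chosen for this illustration.

```c
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Returns 1 if all n bytes at p are zero, 0 otherwise. */
static int all_zero(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0) return 0;
    return 1;
}

/* Map fresh anonymous pages, dirty them with a constructed marker byte,
 * give them back to the kernel, then map again. Returns 1 if both
 * mappings arrived zero-filled, 0 if not, -1 if mmap failed. */
int kernel_zero_fills(size_t len) {
    int prot = PROT_READ | PROT_WRITE, flags = MAP_PRIVATE | MAP_ANONYMOUS;
    unsigned char *a = mmap(NULL, len, prot, flags, -1, 0);
    if (a == MAP_FAILED) return -1;
    int first = all_zero(a, len);
    memset(a, 0x5A, len);          /* stand-in for sensitive data */
    munmap(a, len);                /* pages really go back to the OS */
    unsigned char *b = mmap(NULL, len, prot, flags, -1, 0);
    if (b == MAP_FAILED) return -1;
    int second = all_zero(b, len);
    munmap(b, len);
    return first && second;
}

/* Zero n bytes through a volatile pointer so the compiler cannot drop
 * the stores as dead writes ahead of free(). */
void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* free() with clearing. Standard C gives no way to ask free() for the
 * block size, so the caller passes it (an assumption of this sketch). */
void wiping_free(void *p, size_t n) {
    if (p == NULL) return;
    wipe(p, n);
    free(p);
}
```

The mmap check covers memory that crosses the kernel boundary; wiping_free covers blocks that malloc keeps and reuses inside the same process.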