Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!uwm.edu!zaphod.mps.ohio-state.edu!usc!srhqla!demott!kdq
From: kdq@demott.COM (Kevin D. Quitt)
Newsgroups: comp.lang.c
Subject: Re: Life after free?
Message-ID: <683@demott.COM>
Date: 5 Oct 90 23:49:09 GMT
References: <5360:Oct421:09:4890@kramden.acf.nyu.edu>
Reply-To: kdq@demott.COM (Kevin D. Quitt)
Organization: DeMott Electronics Co., Van Nuys CA
Lines: 25

In article <5360:Oct421:09:4890@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>In article <623@demott.COM> kdq@demott.COM (Kevin D. Quitt) writes:
>>     It should be noted that in secure systems, free() will clear the memory.
>
>That would be quite amusing, since there's absolutely no concept of
>security within C. If you can free it, you can copy it out and save it
>first.
>

    That's no problem.  It's what the next guy does when he gets the
memory you've freed up.  I used to do this all the time (freeing and
allocating memory) so I could examine it for all sorts of useful
information.  This may happen more than you're aware of in a paged-
memory system.  In a previous life, it was my job to break into systems
and this was one of my favorite tools.  It's amazing what people leave
in their trash!


-- 
 _
Kevin D. Quitt         demott!kdq   kdq@demott.com
DeMott Electronics Co. 14707 Keswick St.   Van Nuys, CA 91405-1266
VOICE (818) 988-4975   FAX (818) 997-1190  MODEM (818) 997-4496 PEP last

                96.37% of all statistics are made up.