in reply to making perl more forgetting

Note that no OS will overwrite the memory that is set to free! When a process frees some chunk of memory, it only sets the area to free, but won't rewrite and clean the bytes previously written, and the same is valid when the OS frees some memory allocated to a process.

Note that if the memory is rewritten to clean the old data, things will be much slower, since the work to always clean the old data will be bigger than creating new data.

Graciliano M. P.
"Creativity is the expression of the liberty".

Re: Re: making perl more forgetting
by ddzeko (Acolyte) on May 16, 2004 at 21:11 UTC

    Thanks everybody for the answers.

    In my case, I don't need each and every scalar wiped out. In fact there is just this one type of data (credit card details) that I wish to handle securely.

    Unfortunately, I don't see an option here. There are just too many places where raw data pass until they finally reach my variables. (I'm using POE, with Wheels and Filters for I/O and credit card details are present in input and output messages in cleartext form (in one case over the IPsec VPN, and in other using UNIX socket to communicate to local process)).

    As I see it now, there's not much hope in this case. Only real good kernel level security (eventually, with secured swap space using loop-aes on Linux or something similar on *BSD), to reduce risks and try to make sure that in case of a break-in the damage will be minimal.

      Hi,

      What you could try to do in minimizing the risk of sensitive stuff in memory is forking a separate process that handles the sensitive information and keeping that running as short as possible. The memory freed after that process finished may still contain the sensitive information, as pointed out by gmpassos, but if you keep your sensitive information-process running long (as a daemon for instance) it certainly will contain the sensitive information and this will be in memory.

      What you could do is have another 'wiper'-process that uses a lot of memory, so the chance of your sensitive information being overwritten becomes very high, something simple like:

      #!/usr/bin/perl
      while (1) {
          my $aap = "a" x 8192;
          sleep 1;
      }

      will allocate at least 8192 bytes filled with 'a' every second (and probably a whole lot because we run perl), at the expense of some CPU and memory (duh). This could be tuned to take into account the current state of total memory usage (make the wiper-process use more if there's a lot of free memory left). I'm not very experienced in the details of memory management, but having a high turnover in used memory to me seems a good way to decrease the chance of sensitive information still being in memory.

      Beware of using too much memory, because that will result in swap-usage and in that case you also have to deal with getting rid of your information if it's in swap memory. Maybe it's advisable to not use swap-memory (lots of 'Live-CD' OSes don't use swap), and just add some extra memory to your system.
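
The short-lived process idea from the reply above, sketched as an added example that is not part of the original thread: the cleartext card number exists only in a forked child, and the parent receives a masked result over a pipe. The names `process_card` and `handle_in_child`, the masking format and the sample number are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): confine cleartext card data to a
# short-lived child process; the parent only ever sees a masked result.
use strict;
use warnings;

# Hypothetical handler: takes the cleartext number, returns a non-sensitive
# summary. The real work (e.g. talking to a payment backend) would go here.
sub process_card {
    my ($pan) = @_;
    return 'ok:' . ('*' x (length($pan) - 4)) . substr($pan, -4);
}

# $read_secret is a coderef that fetches the cleartext. In a real service it
# would read from the socket inside the child, so the parent never holds it.
sub handle_in_child {
    my ($read_secret) = @_;
    pipe(my $from_child, my $to_parent) or die "pipe: $!";
    my $pid = fork();
    die "fork: $!" unless defined $pid;

    if ($pid == 0) {                      # child: the secret is fetched here
        close $from_child;
        my $pan    = $read_secret->();
        my $result = process_card($pan);
        # Best-effort overwrite of this scalar's buffer; Perl may still hold
        # other copies (for example the one made inside process_card).
        substr($pan, 0, length($pan), 'x' x length($pan));
        print {$to_parent} $result;
        close $to_parent;                 # flushes the result to the parent
        exit 0;                           # child ends as soon as it is done
    }

    close $to_parent;                     # parent: reads only the result
    my $result = do { local $/; <$from_child> };
    close $from_child;
    waitpid($pid, 0);
    die "child failed: status $?" if $? != 0;
    return $result;
}

# Constructed sample number, not a real card. Because it is a literal in this
# script it also sits in the parent's memory; that is a demo shortcut only.
print handle_in_child(sub { '4111111111111111' }), "\n";
```

As the thread notes, the child's pages are not cleared when it exits, so this shortens how long the data sits in a live process rather than guaranteeing it is gone.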