Re: Re: Re: Re: making perl more forgetting

To do it right, you need a patch to perl's Perl_sv_clear to wipe the PV buffer, and you need to make sure you don't keep any pads around longer than necessary (by freeing the code that used them). Even so, you are only shortening the window that sensitive data is accessible via /dev/mem. If it's all that sensitive, it's hard to see how that could be good enough.

Comment on Re: Re: Re: Re: making perl more forgetting

Replies are listed 'Best First'.
Re: Re: Re: Re: Re: making perl more forgetting by diotalevi (Canon) on May 17, 2004 at 13:43 UTC
No, I had two points neither of which I elaborated. The first is that perl is likely going to find all sorts of funny places to copy the data and I wonder how likely it is to find all of them. I also wonder, does the current implementation of perl call sv_free at the proper time to support the wishes of the requestor? There's that pesky difference between something going out of scope-being-freed and the actually, really being freed, perhaps after having undef() called on it. The second point is that anything that attempts to clear the memory is going to have to do something compiler/version specific to hint to that the otherwise useless operation has a side effect and that it shouldn't be optimized away. You could consider it this way - some compilers take something like `sub foo { my $bar = 1; return 0 }`, notice that the `my $bar = 1` doesn't affect anything else and just eliminate it. That'd be C code though so the perl is just an example. I don't speak C well enough to produce a proper example.	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re: Re: Re: Re: Re: making perl more forgetting
by diotalevi (Canon) on May 17, 2004 at 13:43 UTC

No, I had two points neither of which I elaborated. The first is that perl is likely going to find all sorts of funny places to copy the data and I wonder how likely it is to find all of them. I also wonder, does the current implementation of perl call sv_free at the proper time to support the wishes of the requestor? There's that pesky difference between something going out of scope-being-freed and the actually, really being freed, perhaps after having undef() called on it.

The second point is that anything that attempts to clear the memory is going to have to do something compiler/version specific to hint to that the otherwise useless operation has a side effect and that it shouldn't be optimized away. You could consider it this way - some compilers take something like sub foo { my $bar = 1; return 0 }, notice that the my $bar = 1 doesn't affect anything else and just eliminate it. That'd be C code though so the perl is just an example. I don't speak C well enough to produce a proper example.

[reply]
[d/l]
[select]