From mboxrd@z Thu Jan  1 00:00:00 1970
Received: (from majordomo@localhost) by pauillac.inria.fr (8.7.6/8.7.3) id AAA18426; Sun, 29 Feb 2004 00:17:15 +0100 (MET)
X-Authentication-Warning: pauillac.inria.fr: majordomo set sender to owner-caml-list@pauillac.inria.fr using -f
Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id AAA16713 for <caml-list@pauillac.inria.fr>; Sun, 29 Feb 2004 00:17:14 +0100 (MET)
Received: from smtp.mbg.ocn.ne.jp (mbg.ocn.ne.jp [210.190.142.181])
	by concorde.inria.fr (8.12.10/8.12.10) with ESMTP id i1SNHCae026473
	for <caml-list@inria.fr>; Sun, 29 Feb 2004 00:17:13 +0100
Received: from localhost (p5126-adsau14honb7-acca.tokyo.ocn.ne.jp [220.106.61.126])
	by smtp.mbg.ocn.ne.jp (Postfix) with ESMTP
	id A178F54FE; Sun, 29 Feb 2004 08:17:11 +0900 (JST)
Date: Sun, 29 Feb 2004 08:16:51 +0900 (JST)
Message-Id: <20040229.081651.39150923.yoriyuki@mbg.ocn.ne.jp>
To: oiwa@yl.is.s.u-tokyo.ac.jp
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] How to secure an OCaml server
From: Yamagata Yoriyuki <yoriyuki@mbg.ocn.ne.jp>
In-Reply-To: <vfioerj9msl.fsf@tuba.is.s.u-tokyo.ac.jp>
References: <87llmnme9b.fsf@linux-france.org>
	<vfioerj9msl.fsf@tuba.is.s.u-tokyo.ac.jp>
X-Mailer: Mew version 2.2 on Emacs 21.2 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Miltered: at concorde by Joe's j-chkmail ("http://j-chkmail.ensmp.fr")!
X-Loop: caml-list@inria.fr
X-Spam: no; 0.00; caml-list:01 yamagata:01 yoriyuki:01 yoriyuki:01 yutaka:01 oiwa:01 oiwa:01 u-tokyo:01 caml-list:01 2004:99 high-level:01 dangling:01 pointers:01 relaying:99 reclaimed:01 
Sender: owner-caml-list@pauillac.inria.fr
Precedence: bulk

From: Yutaka OIWA <oiwa@yl.is.s.u-tokyo.ac.jp>
Subject: Re: [Caml-list] How to secure an OCaml server
Date: Sun, 29 Feb 2004 01:44:10 +0900

> The garbage collection helps this style of programming, since with
> GC you can use those high-level data structures without fearing
> about memory leakage or dangling pointers.

On the other hand, relaying GC means data reside in the memory for
unpredictable amount of time, and may swap out to the disk.  Moreover,
current GC of OCaml does not seem to wipe out the contents when a
memory block is reclaimed, and String.create does not initialize the
contents either.  This could leak information which is otherwise
inaccessible.

So overwrite explicitly sensible data when they are no longer used,
and use String.make instead of String.create.

(Actually, I feel String.create is deprecated, or initializes the
contents by null, but there would be a performance concern.)

--
Yamagata Yoriyuki

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners