On Mon, 12 May 2003 17:51:25 EDT, Chuck Ebbert said:
> Alan Cox wrote:
>
> >> ...and on a related topic, if someone wrote a patch to optionally clear
> >> the swap area at swapoff would it ever be accepted?
> >
> > man dd ?
>
> "That can be done manually" does not get you the check mark in
> the list of features. Management wants idiot-resistant security.
In particular, the code that handles the zeroing out of resource objects
before re-use needs to be "inside" the trusted-base perimeter. This has
been well-understood for years - even my August 83 copy of the Orange Book
says (for class C2):
2.2.1.2 Object Reuse
All authorizations to the information contained within a storage object
shall be revoked prior to initial assignment, allocation, or reallocation
to a subject from the TCB's pool of unused storage objects. No information,
including encrypted representations of information, produced by a prior
subject's actions is to be available to any subject that obtains access
to an object that has been released back to the system.
(OK.. it doesn't have to be in-kernel, but the function *does* have to
be inside the TCB, not out in random userland)...
--==_Exmh_-1759990914P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE+wBw9cC3lWbTT17ARAt4RAJ9B42hSbYUYm1NmkccpICTAi4182gCg1eCX
rvdRNH6c4R34KzUKnQVyV5M=
=kSq/
-----END PGP SIGNATURE-----
--==_Exmh_-1759990914P--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/