Re: Is memcpy secure?

From: CBFalconer (cbfalconer_at_yahoo.com)
Date: 01/11/04

• Next message: Andras Tantos: "Re: Is memcpy secure?"
• Previous message: Nico Kadel-Garcia: "Re: Port 135 Probes Continue"
• In reply to: Olga Sayenko: "Re: Is memcpy secure?"
• Next in thread: Olga Sayenko: "Re: Is memcpy secure?"
• Reply: Olga Sayenko: "Re: Is memcpy secure?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 11 Jan 2004 22:54:16 GMT

Olga Sayenko wrote:
> <christian.bau@cbau.freeserve.co.uk> wrote in message
> > sayenko@yahoo.com (Olga Sayenko) wrote:
> >
> > > I am trying to make sure that my data doesn't show up anywhere
> > > outside my process unencrypted. I am concerned that if I use
> > > memcpy, the bytes copied will end up in some memory somewhere
> > > after I am done with it. Am I being paranoid?
> >
> > Yes, but are you paranoid enough?
>
> Finally, someone understands! :)
>
> > Seriously, memcpy will not be a special case. It won't do
> > anything that straightforward C code couldn't do. I would be
> > more worried about the data that was in a memory block that
> > gets free()d.
>
> Wouldn't setting buffers to null characters when I am done with
> them take care of this?

Nothing will do other than designing a system from the
fundamentals up. Start with no long term storage, so that power
off wipes everything. This means the OS will have to boot from
the network. Maybe we can insist on some checks so the network
doesn't sneak a spy in. Then the reading and writing routines
have built in encryption. Who stores the keys, for how long, and
why? Etc. etc. ad nauseum.

Of course we have to guard that system, or some evil spy will
sneak in and replace the ROMS that do the initial booting and
checking. Hire at least three shifts of armed guards, and ensure
they are trustworthy. Do all the programming (including system
programs, utilities, etc.) yourself, because you can't trust
anybody. Pray. Make human sacrifices.

Now that you feel all warm and safe and comfy, you can relax.

-- 
Chuck F (cbfalconer@yahoo.com) (cbfalconer@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
   <http://cbfalconer.home.att.net>  USE worldnet address!

---

• Next message: Andras Tantos: "Re: Is memcpy secure?"
• Previous message: Nico Kadel-Garcia: "Re: Port 135 Probes Continue"
• In reply to: Olga Sayenko: "Re: Is memcpy secure?"
• Next in thread: Olga Sayenko: "Re: Is memcpy secure?"
• Reply: Olga Sayenko: "Re: Is memcpy secure?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Is memcpy secure? ... doesn't sneak a spy in. ... Of course we have to guard that system, or some evil spy will ... Hire at least three shifts of armed guards, ... Do all the programming (including system ... (comp.lang.c) Re: Is memcpy secure? ... > Of course we have to guard that system, or some evil spy will ... Do all the programming (including system ... Armed guards and human sacrifices are exactly what I had ... in mind, but the silly, silly users - all they want to do buy Britney ... (comp.lang.c) Re: Is memcpy secure? ... > Of course we have to guard that system, or some evil spy will ... Do all the programming (including system ... Armed guards and human sacrifices are exactly what I had ... in mind, but the silly, silly users - all they want to do buy Britney ... (comp.security.misc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)