FreeBSD Transient Memory problem?

Jonathon Wright jonathon.s.wright at gmail.com
Thu Sep 12 20:03:14 UTC 2013


Great translation, Brett, the whole team is rolling!

Unfortunately, it's probably true. Yeah, I went to the site, interesting,
but I'm not sure how shady they are or not.
In either case, my problem still remains. I'm looking into what John-Mark
Gurney posted to me, it looks a bit promising as far as being able to
"demonstrate" the zeroing of the memory allocated prior to use.

For example, when I did a man malloc, the Z option states exactly that:
The problem though is it also states that "this is intended for debugging
and will impact performance negatively". That means I'm in between a rock
and hard spot:

1. If I turn it on, I'll have horrible performance. (I suppose I need a
/etc/malloc.conf example if I did if you have one)
2. If I don't turn it on, I am not able to address their so called 'issue'.




On Thu, Sep 12, 2013 at 9:53 AM, Brett Glass <brett at lariat.org> wrote:

> At 01:33 PM 9/12/2013, Jonathon Wright wrote:
>
>> *Description of Finding:* Object reuse cannot be verified. The FreeBSD
>> servers used have not been evaluated or certified by NIAP. As such, it
>> cannot be verified that the operating system ensures transient memory
>> cleansing (object reuse) features are in place.
>
> Translation: The FreeBSD Project doesn't participate in, and hasn't paid
> money to be certified by, a program run by the NSA... a shadowy government
> agency which has been known to actively compromise security and spy on
> citizens. We recommend that our clients move to a less secure OS so that
> their systems can be spied upon and their security compromised.
>
> --Brett Glass
>
> P.S. -- For more on NIAP, see www.niap-ccevs.org. Note that this site will
> deposit multiple tracking cookies in your browser which you may want to
> delete after visiting it.
>
>
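
An added example, not part of the original message or of FreeBSD's own code: a small C check for the object-reuse property named in the finding, looking at memory the kernel hands to a process rather than at the malloc Z option. It assumes anonymous mmap() pages are zero-filled on first use; the function name residue_after_remap and the 0xA5 marker are hypothetical choices.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* FreeBSD spells the flag MAP_ANON */
#endif

/* Map len bytes of fresh anonymous memory; NULL on failure. */
static unsigned char *map_anon(size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (unsigned char *)p;
}

/* Count bytes in buf[0..len) that are not zero. */
static size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Each round: map memory, inspect it before the first write, dirty it
 * with a marker, and give it back to the kernel. Returns the number of
 * non-zero bytes seen in fresh mappings (0 = no residue), -1 on error. */
long residue_after_remap(size_t len, int rounds)
{
    long residue = 0;
    for (int r = 0; r < rounds; r++) {
        unsigned char *p = map_anon(len);
        if (p == NULL)
            return -1;
        residue += (long)count_nonzero(p, len);
        memset(p, 0xA5, len);      /* constructed "sensitive" data */
        if (munmap(p, len) != 0)
            return -1;
    }
    return residue;
}

int main(void)
{
    long r = residue_after_remap((size_t)1 << 20, 16);
    printf("non-zero bytes found in fresh mappings: %ld\n", r);
    return r == 0 ? 0 : 1;
}
```

A result of 0 shows only that this process saw no residue in the pages it was given during the run; it is an observation to attach to the finding, not a certification.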

