[23952] in bugtraq
RE: remote memory reading through tcp/icmp
daemon@ATHENA.MIT.EDU (Michael Wojcik)
Tue Jan 22 17:55:28 2002
Message-ID: <75C025AE395F374B81F6416B1D4BDEFB1C8C56@MTV-CORPMAIL>
From: Michael Wojcik <Michael.Wojcik@microfocus.com>
To: bugtraq@securityfocus.com
Date: Tue, 22 Jan 2002 14:20:13 -0800
> From: David LeBlanc [mailto:dleblanc@mindspring.com]
> Sent: Sunday, January 20, 2002 6:27 PM
> The operating system should be clearing memory belonging to one
> process before handing it to another. If it's not doing that, then
> there's a bigger problem than just this.
Indeed, this is a requirement of Orange Book C2 security (the "Object Reuse"
requirement). I realize the Rainbow Series is more or less passé, but the
point is this is a long-standing security principle.
Michael Wojcik
Principal Software Systems Developer, Micro Focus
Department of English, Miami University