
Hi All,

What do you think about an optional set of new/delete operators which clean memory in delete() by filling it with zeros? I mean an implementation with the standard syntax, so that any old program using the standard new/delete can be linked with the modified version of new/delete without any change in the program text and even without its recompilation. I have never heard whether this simple idea was implemented anywhere. In fact, these operators are useful for secure applications, which are not expected to leave significant information in the dynamic memory. This is also useful for debugging any program that uses direct allocations with raw pointers, the style which is known to be prone to errors. The use of already deleted information is more likely to be detected if this information is physically deleted. The cleaning new/delete operators might be made very simple (almost trivial, except for exception safety) and perhaps completely portable.

Does this idea look useful?

Regards,
Igor Smirnov

Igor Smirnov wrote:
Hi All,
What do you think about an optional set of new/delete operators which clean memory in delete() by filling it with zeros? I mean an implementation with the standard syntax, so that any old program using the standard new/delete can be linked with the modified version of new/delete without any change in the program text and even without its recompilation. I have never heard whether this simple idea was implemented anywhere. In fact, these operators are useful for secure applications, which are not expected to leave significant information in the dynamic memory.
You might want to look at http://www.eddeye.net/src/secalloc/.

Jonathan

Jonathan Turkanis wrote:
You might want to look at http://www.eddeye.net/src/secalloc/.
Thank you, Jonathan. This is related to my proposal, but it is a different approach. I meant replacing the global new and delete operators. In the document you referred to, it is assumed that one must change the initializations of all sensitive strings in the source text, if I understand this correctly. The substitution of the new/delete operators might be simpler for large and complicated programs. In addition, such operators are much simpler themselves than the arrangement from the referred paper. It seems that both approaches may be useful. But the avoidance of swapping is an issue which I have not solved so far. There is an interesting statement about problems with std::strings.

Igor
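As an added example that is not part of this thread (it is neither Igor's code nor the secalloc library linked above), here is one way to implement the proposal from the first post: a link-time replacement of the global new/delete in which delete zeroes the whole block before handing it back to the C heap, so an existing program picks it up by relinking alone. It also illustrates the point raised in the reply about std::string: because std::allocator calls operator new, a string's heap buffer is covered, but its short-string buffer inside the object and any copies on the stack are not. The helper names secure_zero, block_size, bytes_wiped and demo_wipe are my own; the example assumes a C++14 or later compiler whose default allocation functions sit on top of malloc/free.

```cpp
// Added example (not from the thread): a link-time replacement of the global
// new/delete that zeroes every block before returning it to the C heap.
#include <atomic>
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>

namespace {

// Each block is prefixed with its size so the unsized operator delete knows
// how many bytes to wipe. The prefix is padded to max_align_t so user pointers
// keep the alignment the default operator new guarantees.
struct Header { std::size_t size; };
constexpr std::size_t kHeaderBytes =
    sizeof(Header) > alignof(std::max_align_t) ? sizeof(Header)
                                               : alignof(std::max_align_t);

// Running total of payload bytes wiped; lets a program (or a test) observe
// that the wipe happened without reading freed memory.
std::atomic<std::size_t> g_bytes_wiped{0};

}  // namespace

// Portable zeroing: volatile stores are side effects the optimiser may not
// drop, whereas a plain memset() right before free() is a dead store it may.
void secure_zero(void* p, std::size_t n) noexcept {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) *vp++ = 0;
}

std::size_t bytes_wiped() noexcept { return g_bytes_wiped.load(); }

// Size recorded for a block that came from the replaced operator new.
std::size_t block_size(const void* p) noexcept {
    const unsigned char* raw = static_cast<const unsigned char*>(p) - kHeaderBytes;
    return reinterpret_cast<const Header*>(raw)->size;
}

namespace {

void* wiping_alloc(std::size_t n) noexcept {
    if (n == 0) n = 1;  // new must return distinct non-null pointers for 0 bytes
    unsigned char* raw = static_cast<unsigned char*>(std::malloc(kHeaderBytes + n));
    if (raw == nullptr) return nullptr;
    reinterpret_cast<Header*>(raw)->size = n;
    return raw + kHeaderBytes;
}

void wiping_free(void* p) noexcept {
    if (p == nullptr) return;
    unsigned char* raw = static_cast<unsigned char*>(p) - kHeaderBytes;
    const std::size_t n = reinterpret_cast<Header*>(raw)->size;
    secure_zero(raw, kHeaderBytes + n);  // wipe the header as well as the payload
    g_bytes_wiped.fetch_add(n);
    std::free(raw);
}

}  // namespace

// All usual allocation/deallocation functions, plus the sized and nothrow
// forms, are replaced, so every program linked with this file gets a wiping
// delete without source changes or recompilation.
void* operator new(std::size_t n) {
    if (void* p = wiping_alloc(n)) return p;
    throw std::bad_alloc();
}
void* operator new[](std::size_t n) { return operator new(n); }
void* operator new(std::size_t n, const std::nothrow_t&) noexcept { return wiping_alloc(n); }
void* operator new[](std::size_t n, const std::nothrow_t&) noexcept { return wiping_alloc(n); }
void operator delete(void* p) noexcept { wiping_free(p); }
void operator delete[](void* p) noexcept { wiping_free(p); }
void operator delete(void* p, std::size_t) noexcept { wiping_free(p); }
void operator delete[](void* p, std::size_t) noexcept { wiping_free(p); }

// Demonstration: allocate a constructed "secret", fill it, delete it, and
// report how many payload bytes the wipe covered. The volatile pointer keeps
// the compiler from eliding the new/delete pair, which C++14 allows it to do
// even when the operators are replaced.
std::size_t demo_wipe(std::size_t n) {
    const std::size_t before = bytes_wiped();
    char* volatile secret = new char[n];
    std::memset(secret, 'S', n);  // constructed sample secret
    delete[] secret;
    return bytes_wiped() - before;
}
```

Compile this file into the program (or link it as a separate object ahead of the standard library) and every delete, delete[] and sized delete in the program wipes its block. It does not cover memory obtained with malloc() directly, custom allocators that bypass operator new, or the aligned-new overloads, and it does nothing about the swapping problem mentioned above; the usual mitigation there is pinning the sensitive pages (mlock(2) on POSIX, VirtualLock on Windows) and disabling core dumps, which is a separate piece of work. For the use-after-free debugging use mentioned in the first post, filling with a recognisable non-zero pattern instead of zeros makes stale reads easier to spot.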
participants (2)
- Igor Smirnov
- Jonathan Turkanis