[erlang-questions] Erlang VM: how clean is our memory?

Alex Arnon alex.arnon@REDACTED
Thu Apr 28 17:50:56 CEST 2011

Thanks guys.
Attila, on further reflection, I completely agree that it's all rather weak
- if anyone has access to the VM facilities, it probably is game over.
Mihai - that is indeed a worry, in general. However, in case of such
applications I'd hope I would have sufficient control over the deployment

On Thu, Apr 28, 2011 at 5:04 PM, Mihai Balea <mihai@REDACTED> wrote:

> On Apr 28, 2011, at 9:38 AM, Attila Rajmund Nohl wrote:
>
> > I think the security threat in C would be that malicious other code
> > allocated some memory and the credit card number would be there. I
> > think in Erlang you can't allocate memory without initializing it -
> > the closest is the unbound variable, but the emulator throws an
> > exception upon accessing unbound variables.
> >
> > On the other hand, the Erlang VM provides great tracing features. If
> > that credit card number is passed to a function (or a list
> > comprehension) and the attacker knows the module name of that
> > function, he can set up trace and see the credit card number...
>
> I think that if attackers have access to the Erlang VM's memory space, then
> it's game over, they can get to anything.
>
> But I believe the OP was concerned about memory pages released by the VM
> that, if not properly scrubbed, would allow somebody from outside the VM to
> glean info.
>
> Mihai