[erlang-questions] Erlang VM: how clean is our memory?
Attila Rajmund Nohl
Thu Apr 28 15:38:23 CEST 2011
2011/4/28, Alex Arnon <alex.arnon@REDACTED>:
> What interests me, beyond what "the allocator" does, is what happens when a
> process's heap is garbage collected.
> To take a more specific example - let's say I have a sensitive small binary,
> e.g. a credit card number. Though there should be little to no real risk
> from memory snoopers, I'd like the memory space it would have occupied to
> have been cleared when I'm done with it - i.e., zero out free space after
> GC. This would make me feel a bit more secure in the face of third-party
> modules (though yes, port programs are the preferred way to go).
I think the security threat in C would be that malicious other code
allocated some memory and the credit card number would be there. I
think in Erlang you can't allocate memory without initializing it -
the closest is the unbound variable, but the emulator throws an
exception upon accessing unbound variables.

On the other hand, the Erlang VM provides great tracing features. If
that credit card number is passed to a function (or a list
comprehension) and the attacker knows the module name of that
function, he can set up a trace and see the credit card number...
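
The tracing exposure described in the reply above, together with one mitigation, as an added example that is not part of the original thread: call tracing delivers a function's arguments to the tracer, and the documented `process_flag(sensitive, true)` setting suppresses trace messages for the process that handles the secret. The module name, `charge/1` and the card number are constructed for the illustration.

```erlang
-module(trace_sensitive_demo).
-export([run/0, charge/1]).

%% Hypothetical function that receives a secret as an argument.
charge(CardNumber) when is_binary(CardNumber) ->
    byte_size(CardNumber).

%% Returns {CallsSeenForNormalProcess, CallsSeenForSensitiveProcess},
%% each a list of {Module, Function, Args} taken from trace messages.
run() ->
    %% Turn on call tracing for external calls to charge/1.
    erlang:trace_pattern({?MODULE, charge, 1}, true, [global]),
    Normal = traced_call(false),
    Sensitive = traced_call(true),
    erlang:trace_pattern({?MODULE, charge, 1}, false, [global]),
    {Normal, Sensitive}.

%% Spawn a worker, trace it from the calling process, then let it
%% call charge/1 with a constructed test card number.
traced_call(MarkSensitive) ->
    Pid = spawn(fun() ->
        %% With 'true', the runtime silently disables tracing and other
        %% inspection features (message queue, stack in crash dumps)
        %% for this process.
        process_flag(sensitive, MarkSensitive),
        receive
            go -> ?MODULE:charge(<<"4111111111111111">>)
        end
    end),
    %% The caller becomes the tracer. Setting trace flags succeeds even
    %% on a sensitive process; the messages are simply never generated.
    erlang:trace(Pid, true, [call]),
    Pid ! go,
    collect(Pid, []).

%% Gather call trace messages for Pid until none arrive for 200 ms.
collect(Pid, Acc) ->
    receive
        {trace, Pid, call, {M, F, Args}} ->
            collect(Pid, [{M, F, Args} | Acc])
    after 200 ->
        lists:reverse(Acc)
    end.
```

Compile the module and call `trace_sensitive_demo:run()` from a shell to compare the two lists. The flag protects only the process that sets it, so the secret must not be passed to or stored in processes that are left traceable.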