[erlang-questions] Erlang VM: how clean is our memory?

Mihai Balea mihai@REDACTED
Thu Apr 28 16:04:32 CEST 2011


On Apr 28, 2011, at 9:38 AM, Attila Rajmund Nohl wrote:
> 
> I think the security threat in C would be that malicious other code
> allocated some memory and the credit card number would be there. I
> think in Erlang you can't allocate memory without initializing it -
> the closest is the unbound variable, but the emulator throws an
> exception upon accessing unbound variables.
> 
> On the other hand, the Erlang VM provides great tracing features. If
> that credit card number is passed to a function (or a list
> comprehension) and the attacker knows the module name of that
> function, he can set up a trace and see the credit card number...

I think that if attackers have access to the Erlang VM's memory space, then it's game over, they can get to anything.
But I believe the OP was concerned about memory pages released by the VM that, if not properly scrubbed, would allow somebody from outside the VM to glean info.

Mihai
