Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Portal: Variable Pointers and Security

Oct 25, 2000, 07:22 (1 Talkback[s])
(Other stories by Ronald Mendell)

"If a programmer works with primarily static, homogenous data, then variable pointers may not be necessary. But with dynamic data, accessing that information effectively by the program may not be possible without pointers to dynamic memory locations...."

"What security risks arise when pointers get changed and data remaining in memory cells becomes forgotten? Obviously, in systems with robust data turnover, the question may be moot. But in processing environments where dormant accounts are the norm, unmapped data residing in memory or in disk storage systems creates formidable security problems."

"First, proprietary data may hold over in storage devices whose permissions could change without anyone knowing sensitive data still remains. Unauthorized individuals suddenly have access rights to data beyond their security clearances. For example, executive salaries may be accessible by accounting clerks if disk storage is reused with a lower permission level."

Complete Story

Related Stories: