Wesley J Landaker wrote:
On Wednesday 14 January 2004 8:41 pm, Nano Nano wrote:On Wed, Jan 14, 2004 at 08:38:29PM -0700, Wesley J Landaker wrote: Content-Description: signed data [snip]The contents of video ram aren't initialized by the hardware. They just come up in a random state are and just going to be overwritten--why would the video card both to zero it out?Isn't that a security problem? What if the old contents contained the image of the root password or other sensitive information?Then it would be there until it got over-written. Just like when you type in your root password or any other sensitive information, the local computer has it in memory until it gets overwritten.So, yes, it's important to make sure that unprivileged processes can't just randomly read video ram, just like you wouldn't let them randomly read memory. =)
Upon further reflection, this could be a more serious security problem. Imagine a small trojan/keylogger/worm/etc , that's ~640kb. There is plenty of room in vid memory in today's cards, and even in old cards. (My 4.5 year old laptop has 4mb) Even a reboot wouldn't neccessarily remove it from resident memory, at least not permenately.
Does anyone think a bug report should be filed somewhere? At the very least vid mem should be zeroed at end of shutdown and early in boot.
More (not so) random thoughts, PaulM