On Sun, Apr 24, 2011 at 7:10 PM, Modulok <modu...@gmail.com> wrote: > I don't know if this is a problem on FreeBSD... > > Process A requests memory. > Process A Stores a plaintext password in memory or other sensitive data. > Process A terminates and the memory is reclaimed by kernel. > > Process B requests a *huge* chunk of memory. > Process B crawls the uninitialized memory, looking for ProcessA's previously > stored password. > > Does anyone know if this is even possible on FreeBSD?
Please correct me if I'm wrong (I didn't check the sources), but... short answer: it shouldn't happen, because pages allocated to a new process are zero-filled by the kernel (lazily via zero-fill page faults when process B crawls the memory the first time). On the other hand, I'm not sure if the pass phrase would be visible via /dev/kmem before those pages are actually zero-filled by the new process. Must check the source for exit(2). > Thanks! > -Modulok- -cpghost. -- Cordula's Web. http://www.cordula.ws/ _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
