On Sun, 24 Apr 2011 19:53:41 +0200 "C. P. Ghost" <cpgh...@cordula.ws> wrote:
> On Sun, Apr 24, 2011 at 7:10 PM, Modulok <modu...@gmail.com> wrote: > > I don't know if this is a problem on FreeBSD... > > > > Process A requests memory. > > Process A Stores a plaintext password in memory or other sensitive > > data. Process A terminates and the memory is reclaimed by kernel. > > > > Process B requests a *huge* chunk of memory. > > Process B crawls the uninitialized memory, looking for ProcessA's > > previously stored password. > > > > Does anyone know if this is even possible on FreeBSD? > > Please correct me if I'm wrong (I didn't check the sources), but... > > short answer: it shouldn't happen, because pages allocated to a new > process are zero-filled by the kernel (lazily via zero-fill page > faults when process B crawls the memory the first time). I don't believe the heap is allocated zeroed pages. The kernel does allocate such pages to the BSS segment, but that's because it holds zeroed data such as C static variables. AFAIK it's the responsibly of the programmer to avoid data leaking. Passwords are commonly overwritten as soon as they no longer needed. I think geli keeps persistent key information in kernel wired-memory. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
