On Wed, Aug 26, 2009 at 12:23:39AM -0400, Elad Efrat wrote:
> Unrelated to the topic of the thread, but kmem(9) says:
>
> SECURITY CONSIDERATION
> As the memory allocated by kmem_alloc() is uninitialized, it can
> contain security-sensitive data left by its previous user. It is
> the caller's responsibility not to expose it to the world.
>
> Shouldn't it be the responsibility of the security-sensitive subsystem
> to clear the memory before it is freed, rather than the responsibility
> of every kmem_alloc() caller?

All recycled kernel memory, including stack frames, is considered
security-sensitive and not supposed to be exposed to the world. (Given
that you're working on the security system, you ought to know this.)
It is a matter of proper copyout() usage.

-- 
David A. Holland
dholl...@netbsd.org
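
Added example, not part of the original message and not NetBSD code: a userland C model of the exposure discussed above, where a handler fills only some fields of a structure in recycled memory and then copies the whole structure out. toy_alloc() and toy_copyout() are hypothetical stand-ins for kmem_alloc(9) and copyout(9), and struct reply and the 'S' fill are constructed for the demonstration.

```c
/* Userland model, added example. toy_alloc/toy_copyout are hypothetical
 * stand-ins for kmem_alloc(9)/copyout(9); nothing here is kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POOL_SIZE 64
static void *toy_alloc(void)    /* always the same buffer, never cleared */
{
    static void *pool;
    if (pool == NULL && (pool = malloc(POOL_SIZE)) == NULL)
        abort();
    return pool;
}
static void toy_copyout(const void *k, void *u, size_t n) { memcpy(u, k, n); }

struct reply {                  /* constructed ioctl-style result */
    uint8_t  type;              /* compiler inserts padding before 'value' */
    uint32_t value;
    char     name[16];          /* handler writes only 4 of these 16 bytes */
};

static void handler(void *ubuf, int zero_first)
{
    struct reply *r = toy_alloc();
    if (zero_first)
        memset(r, 0, sizeof(*r));       /* hardened: clears padding and tail */
    r->type = 1;
    r->value = 42;
    memcpy(r->name, "wd0", 4);          /* name[4..15] is never written */
    toy_copyout(r, ubuf, sizeof(*r));   /* whole struct crosses the boundary */
}

static size_t leaked(int zero_first)    /* stale bytes visible to "userland" */
{
    unsigned char ubuf[sizeof(struct reply)];
    size_t i, n = 0;
    memset(toy_alloc(), 'S', POOL_SIZE);    /* previous user's constructed data */
    handler(ubuf, zero_first);
    for (i = 0; i < sizeof(ubuf); i++)
        n += (ubuf[i] == 'S');
    return n;
}
int main(void)
{
    printf("unsafe: %zu stale bytes, zeroed: %zu\n", leaked(0), leaked(1));
    return 0;
}
```

Assigning every named field is not enough: the padding after 'type' and the unused tail of 'name' still carry the previous contents unless the structure is zeroed before it is filled.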