Date: Sun, 18 Jun 2006 08:52:18 -0400 From: Chuck Swiger <cswiger@mac.com> To: Nick Borisov <neiro21@gmail.com> Cc: freebsd-security@freebsd.org Subject: Re: memory pages nulling when releasing Message-ID: <44954C82.4060709@mac.com> In-Reply-To: <3bcb4e3f0606180127m3c4fdb13n2b42deb881b7bdc6@mail.gmail.com> References: <3bcb4e3f0606180056o63424cc0g5c121443e45fa333@mail.gmail.com> <3bcb4e3f0606180127m3c4fdb13n2b42deb881b7bdc6@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Nick Borisov wrote: > Could you tell me if FreeBSD supports memory page nulling when > releasing it to prevent unauthorized access to data left in the page > after it's allocated again. Yes, FreeBSD has a mechanism for "zero-filling" used pages before they are allocated to another process, although this is normally deferred for a while to promote reuse of the page if the original process needs to use it again. > If it does, what sys calls etc provide that? > IMHO this is an important issue when operating data with different > sensivity levels. You can set some malloc() tunables to control some of this, although if you are trying to do secure programming of sensitive data, look towards mlock() to keep the data resident and unpageable to keep it out of the VM system and potentially the swapfile. Look at the source for GnuPG, for example, or OPIE... -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44954C82.4060709>