From: Julian Elischer
Date: Fri, 13 Sep 2013 02:00:36 +0800
To: My Email
Cc: "freebsd-security@freebsd.org", John-Mark Gurney
Subject: Re: FreeBSD Transient Memory problem?

On 9/13/13 1:49 AM, My Email wrote:
> My apologies, I have been replying to all, I hope that is the correct method.
>
> Anyway, that is very interesting information. I'd be extremely interested in information on customizing malloc and jemalloc. Let me know where to start. Thanks!

It's hard to know how to refute it because they don't explain WHAT memory they are talking about.
There is NO OS in the world that can survive that test if they are talking about protection from a malware kernel module.
On the other hand, if they are just talking about user memory allocation then of course we NEVER hand uncleared memory to anyone (even root).
Ask them to tell you what memory they are talking about, and if they want free memory in the pool to be clear then it wouldn't take much to add a module that zeros non vnode memory when it's handed back to the kernel.
But for all we know they are talking about people stealing punch cards and photographing them.

> JW
>
> On Sep 11, 2013, at 7:35 PM, John-Mark Gurney wrote:
>
>> Jonathon Wright wrote this message on Wed, Sep 11, 2013 at 14:15 -1000:
>>> I have posted this question (username-scryptkiddy) in the forums:
>>> http://forums.freebsd.org/showthread.php?t=41875
>>> but was suggested to bring it here to the mailing list for discussion.
>>>
>>> Basically, FreeBSD 8.3 (64bit) is what we use in our shop. We were
>>> inspected by a security team and they had issues with FreeBSD's memory
>>> management.
>>>
>>> Namely the transient memory and object reuse areas of FreeBSD. They claimed
>>> that FreeBSD did not have a Common Criteria (EAL1-4) evaluation completed,
>>> and therefore was vulnerable to the Transient memory problem.
>> Any system that uses malloc will have difficulties with this as most
>> versions of free will not zero out the memory... You could make
>> modifications to kernel malloc to always zero memory on free, and turn on
>> the junk feature of jemalloc and that could possibly close this issue
>> for them...
>>
>>> Our higher ups need some sort of documentation / testing that can be used
>>> to counter this, since changing Operating Systems is not something we have
>>> time / manpower to do, but might have to based on this supposed 'finding'.
>>>
>>> The post has all the details. Let me know if I need to repost in this as well.
>> I know that FreeBSD 4.7 and 4.9 have been EAL3 certified. I worked for
>> nCircle a number of years ago, and they got their products EAL3
>> certified.
>>
>> Link:
>> http://www.commoncriteriaportal.org:80/files/epfiles/nCircle%20CR%20v1.0.pdf
>>
>> It is possible someone else has received certification on a newer version,
>> but I'm not aware of any at this time...
>>
>> --
>> John-Mark Gurney Voice: +1 415 225 5579
>>
>> "All that I will do, has been done, All that I have, has not."
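
The object-reuse concern and the zero-on-free remedy discussed in this thread, as an added example that is not part of the original messages and is not FreeBSD's malloc or jemalloc code. The fixed-slot pool, the function names and the sample secret are all constructed for illustration; a static pool is used so that reading a released slot is well defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE  64
#define SLOT_COUNT 4
/* Constructed fixed-slot pool standing in for an allocator's free list. */
static unsigned char pool[SLOT_COUNT][SLOT_SIZE];
static int in_use[SLOT_COUNT];

/* Scrub through a volatile pointer so the store is not optimised away. */
static void *(*const volatile scrub)(void *, int, size_t) = memset;

/* First-fit: a freed slot is the next one handed out, contents untouched. */
void *pool_alloc(void) {
    for (int i = 0; i < SLOT_COUNT; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

/* Release a slot; zero_on_free != 0 selects the scrubbing behaviour. */
int pool_free(void *p, int zero_on_free) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (p != (void *)pool[i] || !in_use[i]) continue;
        if (zero_on_free) scrub(pool[i], 0, SLOT_SIZE);
        in_use[i] = 0;
        return 0;
    }
    return -1; /* not a live slot: foreign pointer or double free */
}

/* Bytes of the previous owner's data readable by the next owner. */
size_t residue_after_reuse(int zero_on_free) {
    static const char secret[] = "constructed-sample-secret";
    char *a = pool_alloc();
    if (a == NULL) return (size_t)-1;
    memcpy(a, secret, sizeof secret);
    pool_free(a, zero_on_free);
    char *b = pool_alloc(); /* same slot, now owned by someone else */
    size_t leaked = 0;
    for (size_t i = 0; i + 1 < sizeof secret; i++)
        leaked += (b[i] == secret[i]);
    pool_free(b, 1);
    return leaked;
}

int main(void) {
    printf("no scrub: %zu, scrub: %zu\n", residue_after_reuse(0), residue_after_reuse(1));
    return 0;
}
```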