From: John-Mark Gurney
To: My Email
Date: Thu, 12 Sep 2013 11:32:07 -0700
Subject: Re: FreeBSD Transient Memory problem?
Cc: "freebsd-security@freebsd.org"

My Email wrote this message on Thu, Sep 12, 2013 at 07:49 -1000:
> My apologies, I have been replying to all, I hope that is the correct method.
>
> Anyway, that is very interesting information. I'd be extremely interested in information on customizing malloc and jemalloc. Let me know where to start. Thanks!

For jemalloc, look at man malloc: opt.junk

For kernel malloc, look at sys/kern_malloc.c.. It doesn't look like there
is a knob to turn on kernel malloc filling, but it wouldn't be hard...
Though the performance impact of junk filling is very significant...

> On Sep 11, 2013, at 7:35 PM, John-Mark Gurney wrote:
>
> > Jonathon Wright wrote this message on Wed, Sep 11, 2013 at 14:15 -1000:
> >> I have posted this question (username-scryptkiddy) in the forums:
> >> http://forums.freebsd.org/showthread.php?t=41875
> >> but was suggested to bring it here to the mailing list for discussion.
> >>
> >> Basically, FreeBSD 8.3 (64bit) is what we use in our shop. We were
> >> inspected by a security team and they had issues with FreeBSD's memory
> >> management.
> >>
> >> Namely the transient memory and object reuse areas of FreeBSD. They claimed
> >> that FreeBSD did not have a Common Criteria (EAL1-4) evaluation completed,
> >> and therefore was vulnerable to the Transient memory problem.
> >
> > Any system that uses malloc will have difficulties with this as most
> > versions of free will not zero out the memory... You could make
> > modifications to kernel malloc to always zero memory on free, and turn on
> > the junk feature of jemalloc and that could possibly close this issue
> > for them...
> >
> >> Our higher ups need some sort of documentation / testing that can be used
> >> to counter this, since changing Operating Systems is not something we have
> >> time / manpower to do, but might have to based on this supposed 'finding'.
> >>
> >> The post has all the details. Let me know if I need to repost in this as well.
> >
> > I know that FreeBSD 4.7 and 4.9 have been EAL3 certified. I worked for
> > nCircle a number of years ago, and they got their products EAL3
> > certified.
> >
> > Link:
> > http://www.commoncriteriaportal.org:80/files/epfiles/nCircle%20CR%20v1.0.pdf
> >
> > It is possible someone else has received certification on a newer version,
> > but I'm not aware of any at this time...

--
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
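
The object-reuse concern discussed in this thread, as an added example that is not part of the original messages: a toy fixed-size pool (a stand-in for malloc/free, not FreeBSD's kernel malloc or jemalloc) with a hypothetical `scrub_on_free` switch. It measures how much of a freed buffer's contents the next allocation can still read, with and without overwriting on free.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy pool constructed for this example; every name here is hypothetical. */
#define SLOT_SIZE 64
#define NSLOTS    4

static unsigned char pool[NSLOTS][SLOT_SIZE];
static int free_stack[NSLOTS] = {3, 2, 1, 0};   /* LIFO free list */
static int free_top = NSLOTS;                   /* number of free slots */
static int scrub_on_free = 0;                   /* 1 = overwrite on free */

static void *pool_alloc(void)
{
    /* Like malloc, hands the slot back without touching its contents. */
    return free_top > 0 ? pool[free_stack[--free_top]] : NULL;
}

static void pool_free(void *p)
{
    if (scrub_on_free) {
        /* volatile keeps the compiler from discarding the "dead" stores */
        volatile unsigned char *v = p;
        for (size_t i = 0; i < SLOT_SIZE; i++)
            v[i] = 0;
    }
    free_stack[free_top++] = (int)(((unsigned char *)p - &pool[0][0]) / SLOT_SIZE);
}

/* The first owner stores a secret and frees it; the next allocation reuses
 * the slot. Returns how many secret bytes the second owner can still read. */
size_t residue_after_reuse(int scrub)
{
    static const char secret[] = "constructed-sample-secret";
    size_t leaked = 0;
    scrub_on_free = scrub;
    char *first = pool_alloc();
    memcpy(first, secret, sizeof(secret));
    pool_free(first);
    unsigned char *second = pool_alloc();       /* same slot as `first` */
    for (size_t i = 0; i < sizeof(secret) - 1; i++)
        leaked += (second[i] == (unsigned char)secret[i]);
    pool_free(second);
    return leaked;
}

int main(void)
{
    printf("no scrub: %zu bytes\n", residue_after_reuse(0));
    printf("scrub:    %zu bytes\n", residue_after_reuse(1));
    return 0;
}
```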