Date:      Wed, 27 Jul 2011 13:16:59 -0400
From:      grarpamp <grarpamp@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Malloc -Z
Message-ID:  <CAD2Ti29g_=kW=eMDfe0Z-xcObhT4Fs-0w8T1F1WdBqM-2Ar6NQ@mail.gmail.com>
In-Reply-To: <CAF3EE36-98E2-4265-A1C9-DA9671AB89C5@gothic.net.au>
References:  <CAD2Ti2_xCSzjB6eC0pUU6DHj7OSsmE_E4ikgDRx=CU3un64LoA@mail.gmail.com> <CAF3EE36-98E2-4265-A1C9-DA9671AB89C5@gothic.net.au>

> malloc(3) has never provided zeroed memory. If you need zeroed memory in C,
> you either need to zero it yourself using memset(3), or use calloc(3).

Or, in lieu, use -Z, presumably.

> What would be prudent as a developer (and is the default in CURRENT I
> believe) is to use J - it enforces the "memory from malloc(3) is not
> guaranteed to be zeroed." by specifically setting it to non-zero.

Hmm, well for debugging/fuzzing programs, Z or J could be useful.
As would new R(random), 5(0x55), a(0xaa), and f(0xff) variations.

But for security, it seems running with any of them set would be
wise or flat out required. No? As in the case where users are
untrusted (mischievous, but unable to gain root).

Because while your own shiny new program may zero on free, all
the other installed programs that handle 'sensitive' data may not.
And without using say, Z... any user could scrape the box. Right?
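As an added example (not part of the original message and not FreeBSD's malloc code), a small C wrapper showing what fill-on-allocate and scrub-on-free policies, in the spirit of the Z and J options discussed above, do to a buffer. The names `pol_malloc`, `pol_scrub`, `pol_free`, `all_bytes` and the junk bytes 0xa5/0x5a are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
/* Fill policies modelled on the options named in the thread (hypothetical names). */
enum fill_policy { FILL_NONE, FILL_ZERO /* like Z */, FILL_JUNK /* like J */ };
/* Header in front of each block so the free path knows how much to scrub. */
union hdr { struct { size_t size; enum fill_policy policy; } h; max_align_t align; };

/* Store through a volatile pointer so a fill before free() is not dropped as dead. */
static void fill_bytes(void *p, unsigned char v, size_t n)
{
    volatile unsigned char *b = p;
    while (n--) *b++ = v;
}

/* Returns 1 if all n bytes at p equal v. */
int all_bytes(const void *p, unsigned char v, size_t n)
{
    const unsigned char *b = p;
    while (n--) if (*b++ != v) return 0;
    return 1;
}

void *pol_malloc(size_t n, enum fill_policy policy)
{
    if (n > (size_t)-1 - sizeof(union hdr)) return NULL; /* size overflow */
    union hdr *h = malloc(sizeof *h + n);
    if (h == NULL) return NULL;
    h->h.size = n;
    h->h.policy = policy;
    if (policy == FILL_ZERO) fill_bytes(h + 1, 0x00, n);
    if (policy == FILL_JUNK) fill_bytes(h + 1, 0xa5, n);
    return h + 1;
}

/* Scrub step of the free path; zeroing at free under FILL_ZERO is this example's choice. */
size_t pol_scrub(void *user)
{
    union hdr *h = (union hdr *)user - 1;
    if (h->h.policy == FILL_NONE) return 0;
    fill_bytes(user, h->h.policy == FILL_JUNK ? 0x5a : 0x00, h->h.size);
    return h->h.size;
}

void pol_free(void *user)
{
    if (user == NULL) return;
    pol_scrub(user);
    free((union hdr *)user - 1);
}
```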


