From: grarpamp
To: freebsd-security@freebsd.org
Date: Wed, 27 Jul 2011 13:16:59 -0400
Subject: Re: Malloc -Z
List: freebsd-security@freebsd.org (Security issues [members-only posting])

> malloc(3) has never provided zeroed memory. If you need zeroed memory in C,
> you either need to zero it yourself using memset(3), or use calloc(3).

Or, in lieu, use -Z, presumably.

> What would be prudent as a developer (and is the default in CURRENT I
> believe) is to use J - it enforces the "memory from malloc(3) is not
> guaranteed to be zeroed." by specifically setting it to non-zero.

Hmm, well for debugging/fuzzing programs, Z or J could be useful. As would new R (random), 5 (0x55), a (0xaa), and f (0xff) variations.

But for security, it seems running with any of them set would be wise or flat out required. No? As in the case where users are untrusted (mischievous, but unable to gain root). Because while your own shiny new program may zero on free, all the other installed programs that handle 'sensitive' data may not. And without using say, Z... any user could scrape the box. Right?
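The three behaviours the thread turns on (malloc(3) returning whatever the allocator had, calloc(3) returning zeros, and the program wiping its own buffers before free(3)) can be checked in a few lines of C. The following is an added example written for this page, not code from the thread or from FreeBSD's malloc; `wipe`, `nonzero_bytes`, `residue_after_free` and `wipe_before_free_ok` are names chosen here, and the 'S'-filled payload is a constructed stand-in for sensitive data. It shows the in-process defence the first quoted poster describes, which works regardless of which MALLOC_OPTIONS flags the allocator happens to be running with.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A memset the compiler cannot discard as a "dead store" just before free():
 * calling through a volatile function pointer forces the call to be emitted.
 * This portable form is used so the example builds on any libc; it is an
 * assumption of this example, not FreeBSD's own implementation. */
static void *(*volatile secure_memset)(void *, int, size_t) = memset;

void wipe(void *p, size_t n)
{
    secure_memset(p, 0, n);
}

/* Count the non-zero bytes in a region: the measure of "data still here". */
size_t nonzero_bytes(const unsigned char *p, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0)
            count++;
    return count;
}

/* calloc(3) is the portable way to obtain zeroed memory.
 * Returns 1 when every byte of a fresh block reads as zero. */
int calloc_is_zeroed(size_t n)
{
    unsigned char *p = calloc(n, 1);
    if (p == NULL)
        return 0;
    int ok = nonzero_bytes(p, n) == 0;
    free(p);
    return ok;
}

/* Fill a block with a constructed payload, free it without wiping, then
 * allocate a block of the same size and count the bytes left behind.
 * malloc(3) promises nothing here: with the Z option the result is 0, with
 * J it is n, and with neither it depends entirely on allocator internals. */
size_t residue_after_free(size_t n)
{
    unsigned char *a = malloc(n);
    if (a == NULL)
        return 0;
    memset(a, 'S', n);          /* constructed "sensitive" payload */
    free(a);                    /* no wipe: contents left to the allocator */

    unsigned char *b = malloc(n);
    if (b == NULL)
        return 0;
    size_t leftover = nonzero_bytes(b, n);
    free(b);
    return leftover;
}

/* The same sequence, but the owner of the data wipes before free().
 * Returns 1 when the block reads as all zeros right before release. */
int wipe_before_free_ok(size_t n)
{
    unsigned char *a = malloc(n);
    if (a == NULL)
        return 0;
    memset(a, 'S', n);          /* constructed "sensitive" payload */
    wipe(a, n);
    int ok = nonzero_bytes(a, n) == 0;
    free(a);
    return ok;
}

int main(void)
{
    printf("calloc zeroed:          %s\n", calloc_is_zeroed(4096) ? "yes" : "no");
    printf("residue after plain free: %zu of 256 bytes\n", residue_after_free(256));
    printf("wipe before free:       %s\n", wipe_before_free_ok(256) ? "clean" : "dirty");
    return 0;
}
```

The point for a program handling 'sensitive' data is the last function: the wipe happens in the program's own code, so it does not depend on every other process on the box having been started with the same allocator flags. The `residue_after_free` figure is deliberately not asserted to any fixed value; running it with and without `MALLOC_OPTIONS=Z` (or `J`) set in the environment is a quick way to see what each flag does to that number.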