From owner-freebsd-security@FreeBSD.ORG  Wed Jul 27 18:19:20 2011
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CA6AD106566B
	for <freebsd-security@freebsd.org>;
	Wed, 27 Jul 2011 18:19:20 +0000 (UTC)
	(envelope-from rwmaillists@googlemail.com)
Received: from mail-ww0-f42.google.com (mail-ww0-f42.google.com [74.125.82.42])
	by mx1.freebsd.org (Postfix) with ESMTP id 639F78FC13
	for <freebsd-security@freebsd.org>;
	Wed, 27 Jul 2011 18:19:19 +0000 (UTC)
Received: by wwg11 with SMTP id 11so3333480wwg.1
	for <freebsd-security@freebsd.org>;
	Wed, 27 Jul 2011 11:19:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlemail.com; s=gamma;
	h=date:from:to:subject:message-id:in-reply-to:references:x-mailer
	:mime-version:content-type:content-transfer-encoding;
	bh=yDYZaG3qISYjZFWwCp5QZatjmz2gBje2O67T0Lu2OYQ=;
	b=GbU3TgWgLLH6WAkCfzP3MMeif8P7bkdnzTLVV+wJfMsAWUjkjBSf5kdKZFGvgLPk9K
	78kBAiCwZ7K2NP6oJJaofP6VxLncfYNSnHYmHphYDhagdDgniB3lHCeMO/OCYeeccNer
	nCHga+IgLFyDG/ESWkyfHrK4Oqs2Z89w49b3I=
Received: by 10.227.7.80 with SMTP id c16mr83573wbc.40.1311788867593;
	Wed, 27 Jul 2011 10:47:47 -0700 (PDT)
Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk
	[87.194.105.247])
	by mx.google.com with ESMTPS id fc2sm95406wbb.18.2011.07.27.10.47.44
	(version=SSLv3 cipher=OTHER); Wed, 27 Jul 2011 10:47:46 -0700 (PDT)
Date: Wed, 27 Jul 2011 18:47:37 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-security@freebsd.org
Message-ID: <20110727184737.137515b3@gumby.homeunix.com>
In-Reply-To: <CAD2Ti2_xCSzjB6eC0pUU6DHj7OSsmE_E4ikgDRx=CU3un64LoA@mail.gmail.com>
References: <CAD2Ti2_xCSzjB6eC0pUU6DHj7OSsmE_E4ikgDRx=CU3un64LoA@mail.gmail.com>
X-Mailer: Claws Mail 3.7.9 (GTK+ 2.22.1; amd64-portbld-freebsd8.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: Malloc -Z
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2011 18:19:20 -0000

On Wed, 27 Jul 2011 02:49:48 -0400
grarpamp wrote:

> Was reading malloc(3) while chasing corruption suspects.
> Does the presence of -Z imply that without it, programs
> can be allocated dirty (non-zeroed) memory?

Programs (in the sense of processes) are allocated zeroed-memory.

Memory allocated by malloc will either be zeroed or contain pages
written to by the same process. 

In general any security concerns about sensitive data should be handled
by zeroing before freeing (or when the data is no longer needed) rather
than zeroing on allocation.