Date: Wed, 27 Jul 2011 18:47:37 +0100 From: RW <rwmaillists@googlemail.com> To: freebsd-security@freebsd.org Subject: Re: Malloc -Z Message-ID: <20110727184737.137515b3@gumby.homeunix.com> In-Reply-To: <CAD2Ti2_xCSzjB6eC0pUU6DHj7OSsmE_E4ikgDRx=CU3un64LoA@mail.gmail.com> References: <CAD2Ti2_xCSzjB6eC0pUU6DHj7OSsmE_E4ikgDRx=CU3un64LoA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 27 Jul 2011 02:49:48 -0400 grarpamp wrote: > Was reading malloc(3) while chasing corruption suspects. > Does the presence of -Z imply that without it, programs > can be allocated dirty (non-zeroed) memory? Programs (in the sense of processes) are allocated zeroed-memory. Memory allocated by malloc will either be zeroed or contain pages written to by the same process. In general any security concerns about sensitive data should be handled by zeroing before freeing (or when the data is no longer needed) rather than zeroing on allocation.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110727184737.137515b3>