From: des@des.no (Dag-Erling Smørgrav)
To: "Nick Borisov"
Cc: freebsd-security@freebsd.org
Subject: Re: memory pages nulling when releasing
Date: Sun, 18 Jun 2006 22:41:10 +0200
Message-ID: <86k67eryc9.fsf@xps.des.no>
In-Reply-To: <3bcb4e3f0606181309h70c08dc6l691bbb6e5b48615a@mail.gmail.com> (Nick Borisov's message of "Mon, 19 Jun 2006 00:09:57 +0400")

"Nick Borisov" writes:
> Well, providing zeroed pages to processes is not quite similar to
> explicit cleaning of pages after use as some security standards
> demand. That's why I'm asking. The "Z" malloc option seems to be
> suitable but it's actually for debugging.

Which security standard requires that one part of a process protect itself from another part of the same process?

malloc() operates entirely in userland and is entirely replaceable; there are plenty of malloc() implementations available both in ports and other places.

If you're worried about authentication tokens and the like, our PAM library and modules zero memory used to store authentication data when it is released. So does OpenSSH.

If this does not satisfy you, you're going to have to quote the relevant security standards, because it is not clear to me what you want, and I get the feeling that you don't quite know yourself.

DES
-- 
Dag-Erling Smørgrav - des@des.no
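
Added example, not part of the original message and not code from FreeBSD, PAM or OpenSSH: since malloc() lives in userland, an application can wrap it so that every block holding sensitive data is scrubbed when it is released. The names zmalloc, zfree, zfree_with and the release hook are hypothetical, and the secret passed to demo_residue is a constructed sample.

```c
#include <stdlib.h>
#include <string.h>

/* Size header in front of each block; the union keeps the user pointer aligned. */
typedef union { size_t size; long double ld; long long ll; void *p; } zhdr;
/* Hypothetical hook: whatever finally releases the block (free() by default). */
typedef void (*release_fn)(void *block, size_t total);

/* Write through a volatile pointer so the stores are not dropped as dead. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

void *zmalloc(size_t size) {
    if (size > (size_t)-1 - sizeof(zhdr)) return NULL; /* size + header overflows */
    zhdr *h = malloc(sizeof(zhdr) + size);
    if (h == NULL) return NULL;
    h->size = size;
    return h + 1;
}

/* Scrub payload and header, then hand the block to the release hook. */
void zfree_with(void *ptr, release_fn release) {
    if (ptr == NULL) return;
    zhdr *h = (zhdr *)ptr - 1;
    size_t total = sizeof(zhdr) + h->size;  /* read the size before wiping it */
    secure_wipe(h, total);
    release(h, total);
}
static void release_free(void *block, size_t total) { (void)total; free(block); }
void zfree(void *ptr) { zfree_with(ptr, release_free); }

/* Constructed check: count non-zero bytes still present at release time. */
static size_t residue;
static void release_audit(void *block, size_t total) {
    const unsigned char *b = block;
    for (residue = 0; total--; b++) residue += (*b != 0);
    free(block);
}

size_t demo_residue(const char *secret) {
    size_t n = strlen(secret) + 1;
    char *buf = zmalloc(n);
    if (buf == NULL) return (size_t)-1;
    memcpy(buf, secret, n);
    zfree_with(buf, release_audit);  /* audit hook inspects the block before free() */
    return residue;
}
```

The audit hook inspects the block before free() is called, so the check never reads memory after it has been returned to the allocator.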