From: "C. P. Ghost"
To: freebsd-questions@freebsd.org
Date: Tue, 26 Apr 2011 16:23:11 +0200
Subject: Re: Password theft from memory?
In-Reply-To: <20110426104151.596bcc19@gumby.homeunix.com>

On Tue, Apr 26, 2011 at 11:41 AM, RW wrote:
>> The above quote states that the memory not occupied by the remapped
>> object is zero filled. Which is to say that memory allocated by mmap()
>> is either filled with new data or filled with zeros.
>
> In context it says:
>
>     "If len is not a multiple of the page-size, the mapped region may
>     extend past the specified range.  Any such extension beyond the
>     end of the mapped object will be zero-filled."
>
> To me the most straightforward reading of that is that it's referring
> to non-aligned address ranges.
>
> Your interpretation may well be the intended one, but where would that
> leave the anonymous mappings used by malloc? Are we to think of them as
> extensions beyond a non-existent mapped object, and thus infer that they
> are zero-filled? It's a bit of a stretch from what's written.

While it's not a *proof*, you could always do a little bit of black box
testing.

1. So how about a little C program scanner.c that allocates a huge heap
via mmap(2)'s malloc(3) backend, and crawls that buffer, looking for the
first non-zero byte? If we always get zero-filled pages, you shouldn't
find any non-zero bytes there.

2. For good measure, another program filler.c could fill a huge heap
with a particular easily recognizable pattern (say something like
0xdeadbeef), and exit; and then, scanner.c could not only check for
non-zero bytes, but also for that particular pattern.

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
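The filler/scanner experiment proposed in the reply above, as an added example that is not code from the original post or from FreeBSD: one C file plays both roles, the filler stamps a large anonymous mapping with 0xdeadbeef and unmaps it, then the scanner maps a fresh region of the same size and counts non-zero words and pattern hits. It calls mmap(2) with MAP_ANONYMOUS directly instead of going through malloc(3), an assumption made so that allocator thresholds and free-list reuse cannot influence the result; it assumes a POSIX system that provides MAP_ANONYMOUS, such as FreeBSD or Linux.

```c
/* Black-box check that fresh anonymous mappings come back zero-filled.
 * Added example, not code from the mailing-list post. Assumes POSIX mmap(2)
 * with MAP_ANONYMOUS (FreeBSD, Linux). */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

#define HEAP_BYTES (32u << 20)   /* 32 MiB: well above any allocator's mmap threshold */
#define PATTERN    0xdeadbeefu   /* the recognizable pattern the post suggests */

/* filler: map an anonymous region, stamp every word with `pattern`, release it.
 * Returns 0 on success, -1 if mmap failed, -2 if the stamp did not stick. */
static int fill_and_release(size_t len, uint32_t pattern)
{
    uint32_t *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    size_t words = len / sizeof *p;
    for (size_t i = 0; i < words; i++)
        p[i] = pattern;
    int rc = (p[0] == pattern && p[words - 1] == pattern) ? 0 : -2;
    munmap(p, len);                /* hand the pages back to the kernel */
    return rc;
}

/* scanner: map a fresh anonymous region and crawl it word by word.
 * Returns the number of non-zero 32-bit words (SIZE_MAX if mmap failed);
 * if `hits` is non-NULL it receives how many words equalled `pattern`. */
static size_t scan_fresh_mapping(size_t len, uint32_t pattern, size_t *hits)
{
    const uint32_t *p = mmap(NULL, len, PROT_READ,
                             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return SIZE_MAX;
    size_t nonzero = 0, found = 0;
    for (size_t i = 0; i < len / sizeof *p; i++) {
        if (p[i] != 0) nonzero++;
        if (p[i] == pattern) found++;
    }
    munmap((void *)p, len);
    if (hits) *hits = found;
    return nonzero;
}

int main(void)
{
    if (fill_and_release(HEAP_BYTES, PATTERN) != 0) { perror("filler"); return 1; }
    size_t hits = 0, nonzero = scan_fresh_mapping(HEAP_BYTES, PATTERN, &hits);
    if (nonzero == SIZE_MAX) { perror("scanner"); return 1; }
    printf("non-zero words: %zu, 0x%08x hits: %zu\n", nonzero, PATTERN, hits);
    return nonzero == 0 ? 0 : 2;   /* non-zero exit means the zero-fill assumption failed */
}
```

A count of zero shows that the kernel hands out zero-filled anonymous pages even right after the same pattern was written and released; as the reply says, this is a black-box check of that one property, not a proof.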