Date: Mon, 19 Jun 2006 18:43:49 +1000
From: Peter Jeremy
To: "R. B. Riddick"
Cc: freebsd-security@freebsd.org
Subject: Re: memory pages nulling when releasing
Message-ID: <20060619084349.GA966@turion.vk2pj.dyndns.org>
In-Reply-To: <20060618203903.31161.qmail@web30306.mail.mud.yahoo.com>

On Sun, 2006-Jun-18 13:39:03 -0700, R. B. Riddick wrote:
>Instead of zero'ing pages immediately after the process does not need them
>anymore, it would be much better, to keep the system safe
>(especially: security relevant software patches; and (even more)
>physical safety)

The Unix model provides security as long as you don't bypass the
access controls by (eg) reading /dev/mem. The OS only needs to
explicitly zero a page if it is handing it back to a process without
otherwise initialising it. There's no need to zero a page if it's
going to be used to satisfy a pagein request.

FreeBSD tries to reduce the effective overhead of page zeroing by
zeroing them in the idle loop and keeping a cache of pre-zeroed pages
for handing out to processes.

-- 
Peter Jeremy
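
The policy described in the message above, as a toy model added here for illustration (not part of the original message and not FreeBSD's VM code). All names, the 64-byte page size and the choice to serve pageins from dirty pages first are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define NPAGES 4
#define PAGE_SIZE 64                     /* toy page size (assumption) */
enum state { FREE_DIRTY, FREE_ZEROED, IN_USE };
struct page { enum state st; unsigned char data[PAGE_SIZE]; };
static struct page pool[NPAGES];
static int zero_on_demand, zero_in_idle; /* where the zeroing cost was paid */
static void pool_init(void) {            /* every free page starts with stale bytes */
    for (int i = 0; i < NPAGES; i++) { pool[i].st = FREE_DIRTY; memset(pool[i].data, 0xAA, PAGE_SIZE); }
    zero_on_demand = zero_in_idle = 0;
}
static void page_free(struct page *p) { p->st = FREE_DIRTY; }  /* no zeroing on release */
static struct page *take(enum state want) {
    for (int i = 0; i < NPAGES; i++)
        if (pool[i].st == want) { pool[i].st = IN_USE; return &pool[i]; }
    return NULL;
}
static int idle_zero_one(void) {         /* idle loop: refill the pre-zeroed cache */
    struct page *p = take(FREE_DIRTY);
    if (!p) return 0;
    memset(p->data, 0, PAGE_SIZE); p->st = FREE_ZEROED; zero_in_idle++;
    return 1;
}
static struct page *alloc_zero_fill(void) {  /* page not otherwise initialised */
    struct page *p = take(FREE_ZEROED);
    if (!p && (p = take(FREE_DIRTY))) { memset(p->data, 0, PAGE_SIZE); zero_on_demand++; }
    return p;
}
static struct page *alloc_pagein(const unsigned char *src) {  /* fully overwritten: no zeroing */
    struct page *p = take(FREE_DIRTY);   /* assumption: spare the zeroed cache */
    if (!p) p = take(FREE_ZEROED);
    if (p) memcpy(p->data, src, PAGE_SIZE);
    return p;
}
static int page_is_zero(const struct page *p) {
    for (int i = 0; i < PAGE_SIZE; i++) if (p->data[i]) return 0;
    return 1;
}
int main(void) {
    unsigned char backing[PAGE_SIZE]; memset(backing, 'F', PAGE_SIZE);  /* constructed file data */
    pool_init();
    struct page *a = alloc_zero_fill(); memset(a->data, 'S', PAGE_SIZE); page_free(a);
    idle_zero_one();
    struct page *f = alloc_pagein(backing), *b = alloc_zero_fill();
    printf("clean=%d pagein=%c on_demand=%d idle=%d\n", page_is_zero(b), f->data[0], zero_on_demand, zero_in_idle);
    return 0;
}
```

The freed page still holds its old contents until it is either zeroed in the idle pass or zeroed on demand; the invariant the model enforces is only that a zero-fill allocation never reaches a process with those contents.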