From owner-freebsd-security@FreeBSD.ORG Sun Jun 18 09:25:23 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3087C16A47D for ; Sun, 18 Jun 2006 09:25:23 +0000 (UTC) (envelope-from nick@nickwithers.com) Received: from mail.nickwithers.com (mail.manrags.com [203.219.206.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E7CE43D46 for ; Sun, 18 Jun 2006 09:25:22 +0000 (GMT) (envelope-from nick@nickwithers.com) Received: from localhost (shmick.shmon.net [10.0.0.252]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.nickwithers.com (Postfix) with ESMTP id C5DBD3A9C5; Sun, 18 Jun 2006 19:25:12 +1000 (EST) Date: Sun, 18 Jun 2006 19:25:12 +1000 From: Nick Withers To: "Nick Borisov" Message-Id: <20060618192512.dffbd7f3.nick@nickwithers.com> In-Reply-To: <3bcb4e3f0606180127m3c4fdb13n2b42deb881b7bdc6@mail.gmail.com> References: <3bcb4e3f0606180056o63424cc0g5c121443e45fa333@mail.gmail.com> <3bcb4e3f0606180127m3c4fdb13n2b42deb881b7bdc6@mail.gmail.com> Organization: nickwithers.com X-Mailer: Sylpheed version 2.2.6 (GTK+ 2.8.19; i386-portbld-freebsd6.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-nickwithers-MailScanner: Found to be clean X-nickwithers-MailScanner-From: nick@nickwithers.com Cc: freebsd-security@freebsd.org Subject: Re: memory pages nulling when releasing X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2006 09:25:23 -0000 On Sun, 18 Jun 2006 12:27:22 +0400 "Nick Borisov" wrote: > Hello everyone! > > Could you tell me if FreeBSD supports memory page nulling when > releasing it to prevent unauthorized access to data left in the page > after it's allocated again. I'm certainly not as expert in this area, but I thought I'd offer the following suggestions anyway (I'm assuming you're coding in C, here): - You might want to look at _malloc_options / MALLOC_OPTIONS (for example, '_malloc_options = "J";'), though this might be an expensive way to achieve the goal. See man 2 free for more information - You could zero a memory range explicitly before free()ing it, using bzero(3) or memset(3), for instance, or even just by assignment in some cases. This has the notable advantage that you can hand-pick which data you're zeroing based on individual merit > If it does, what sys calls etc provide that? > IMHO this is an important issue when operating data with different > sensivity levels. > > Thanks in advance. > > Nick Hope that helps! -- Nick Withers email: nick@nickwithers.com Web: http://www.nickwithers.com Mobile: +61 414 397 446