From owner-freebsd-questions@FreeBSD.ORG Wed Apr 27 00:46:04 2011
Date: Wed, 27 Apr 2011 01:45:54 +0100
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: Password theft from memory?
Message-ID: <20110427014554.1e4c5281@gumby.homeunix.com>
In-Reply-To:
References: <20110425151846.0a5359fd@gumby.homeunix.com>
 <20110425151536.GA61425@stainmore> <20110425175420.GA61811@stainmore>
 <20110425232908.4104e026@gumby.homeunix.com> <20110426025614.GA62745@stainmore>
 <20110426104151.596bcc19@gumby.homeunix.com>
X-Mailer: Claws Mail 3.7.8 (GTK+ 2.22.1; i386-portbld-freebsd8.2)
List-Id: User questions

On Tue, 26 Apr 2011 16:23:11 +0200
"C. P. Ghost" wrote:

> On Tue, Apr 26, 2011 at 11:41 AM, RW wrote:
> >> The above quote states that the memory not occupied by the remapped
> >> object is zero filled. Which is to say that memory allocated by
> >> mmap() is either filled with new data or filled with zeros.
> >
> > In context it says:
> >
> >     "If len is not a multiple of the page-size, the mapped region
> >     may extend past the specified range.  Any such extension beyond the
> >     end of the mapped object will be zero-filled."
> >
> > To me the most straightforward reading of that is that it's
> > referring to non-aligned address ranges.
> >
> > Your interpretation may well be the intended one, but where would
> > that leave the anonymous mappings used by malloc? Are we to think
> > of them as extensions beyond a non-existent mapped object, and thus
> > infer that they are zero-filled? It's a bit of a stretch from
> > what's written.
>
> While it's not a *proof*, you could always do a little bit of black
> box testing.

I didn't really doubt it; if sbrk zero-filled then it would be a major
security regression if mmap didn't provide the same behaviour.

From vm_fault.c it looks clear a zeroed page is allocated when the
location is neither file-backed nor written-out to swap.
That's probably why mmap(2) doesn't bother to mention zero-filling
except in a special case.
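The "black box testing" suggested in the quoted reply, written out as an added example (this is not code from the list post or from FreeBSD). It assumes a POSIX system with MAP_ANON (or MAP_ANONYMOUS, the Linux spelling), checks the whole page-rounded region so that the tail past a non-page-multiple len, the case the quoted mmap(2) sentence talks about, is covered too, and adds the check a practitioner worried about password theft actually wants: that a page dirtied with a secret and handed back to the kernel does not come back with the secret still in it. The 0xA5 fill pattern and the lengths are arbitrary choices for the demonstration.

```c
/* Added example: black-box check that anonymous mmap(2) memory arrives
 * zero-filled and that pages returned to the kernel are scrubbed before
 * being handed out again. Not code from the mailing-list post. */
#define _DEFAULT_SOURCE 1       /* makes MAP_ANONYMOUS visible on glibc */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS  /* Linux name for the same flag */
#endif

/* Round len up to whole pages, as the kernel does for the mapping. */
static size_t page_round(size_t len)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    return (len + pg - 1) / pg * pg;
}

static int all_zero(const unsigned char *p, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* Map len bytes of private anonymous memory and scan the whole
 * page-rounded region, including the extension past len that the
 * quoted mmap(2) sentence says is zero-filled.
 * Returns 1 if every byte is zero, 0 if not, -1 if mmap fails. */
int anon_mapping_is_zeroed(size_t len)
{
    size_t span = page_round(len);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int ok = all_zero(p, span);
    munmap(p, span);
    return ok;
}

/* The check that matters for the "password theft" question: fill a
 * mapping with a recognisable pattern standing in for a secret (0xA5,
 * arbitrary), give the pages back with munmap, map the same amount
 * again and confirm none of the pattern survives.
 * Returns 1 if the fresh mapping is all zero, 0 if any non-zero byte
 * shows up, -1 if mmap fails. */
int remapped_pages_are_scrubbed(size_t len)
{
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0xA5, len);          /* "secret" written by the application */
    munmap(p, len);                /* pages go back to the kernel */

    unsigned char *q = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANON, -1, 0);
    if (q == MAP_FAILED)
        return -1;
    int ok = all_zero(q, len);     /* kernel must not leak old contents */
    munmap(q, len);
    return ok;
}

int main(void)
{
    printf("fresh anonymous mapping (5000 bytes) zero-filled: %d\n",
           anon_mapping_is_zeroed(5000));
    printf("re-mapped pages scrubbed of previous contents:   %d\n",
           remapped_pages_are_scrubbed(4 * 4096));
    return 0;
}
```

Both checks passing shows what the kernel guarantees at the process boundary: a page is zeroed before a process first sees it, so one process cannot read another's freed secrets through mmap or sbrk. It says nothing about reuse inside a process: free() does not scrub, so a password buffer handed back to malloc can still be found by a later allocation in the same process, in a core dump, or on swap. Wiping it with explicit_bzero(3) (or memset_s, where available) before freeing is the application's job, not the kernel's.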