From: "C. P. Ghost"
To: Modulok
Cc: freebsd-questions@freebsd.org
Date: Sun, 24 Apr 2011 19:53:41 +0200
Subject: Re: Password theft from memory?

On Sun, Apr 24, 2011 at 7:10 PM, Modulok wrote:
> I don't know if this is a problem on FreeBSD...
>
> Process A requests memory.
> Process A stores a plaintext password in memory or other sensitive data.
> Process A terminates and the memory is reclaimed by kernel.
>
> Process B requests a *huge* chunk of memory.
> Process B crawls the uninitialized memory, looking for Process A's previously
> stored password.
>
> Does anyone know if this is even possible on FreeBSD?

Please correct me if I'm wrong (I didn't check the sources), but...
short answer: it shouldn't happen, because pages allocated to a
new process are zero-filled by the kernel (lazily via zero-fill page
faults when process B crawls the memory the first time).

On the other hand, I'm not sure if the pass phrase would be visible
via /dev/kmem before those pages are actually zero-filled by the
new process. Must check the source for exit(2).

> Thanks!
> -Modulok-

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
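
The Process A / Process B scenario from this thread can be checked directly. The following C program is an added example, not part of the original message: a child process fills memory with a marker byte and exits without scrubbing, then the parent maps the same amount of anonymous memory and counts the nonzero bytes it sees. The function name, the marker value and the sizes are assumptions made for the illustration, and the check does not address the /dev/kmem question raised in the reply.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* FreeBSD spells it MAP_ANON */
#endif

#define MARKER 0xA5              /* constructed stand-in for the "password" bytes */

/* Ask the kernel for len bytes of fresh anonymous memory (NULL on failure). */
static unsigned char *fresh_pages(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (unsigned char *)p;
}

/* "Process A": the child fills len bytes with MARKER and exits without scrubbing.
 * "Process B": the parent then maps len bytes and crawls them.
 * Returns the number of nonzero bytes B sees, or -1 on error. */
long stale_bytes_after_exit(size_t len) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* process A */
        unsigned char *a = fresh_pages(len);
        if (a == NULL) _exit(1);
        memset(a, MARKER, len);            /* touch every page so it is really backed */
        _exit(0);                          /* pages return to the kernel unscrubbed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    unsigned char *b = fresh_pages(len);   /* process B */
    if (b == NULL) return -1;
    long stale = 0;
    for (size_t i = 0; i < len; i++)       /* first touch faults each page in */
        if (b[i] != 0) stale++;
    munmap(b, len);
    return stale;
}

int main(void) {
    long n = stale_bytes_after_exit(16UL * 1024 * 1024);
    printf("nonzero bytes seen by process B: %ld\n", n);
    return n == 0 ? 0 : 1;
}
```

A result of 0 matches the zero-fill behaviour described in the reply; it covers only memory handed out by the kernel to a process, not buffers reused inside one process by its own allocator.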